public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: Rebase to 3.5.0-alpha1
@ 2026-06-09 12:45 Dmitry Belyavskiy
0 siblings, 0 replies; only message in thread
From: Dmitry Belyavskiy @ 2026-06-09 12:45 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : aed1393c1ad05e9777840390f260d6bc84c8ab67
Author : Dmitry Belyavskiy <dbelyavs@redhat.com>
Date : 2025-03-21T17:22:55+01:00
Stats : +11696/-15790 in 111 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/aed1393c1ad05e9777840390f260d6bc84c8ab67?branch=rebase_40beta
Log:
Rebase to 3.5.0-alpha1
---
diff --git a/.gitignore b/.gitignore
index 144f98f..702507b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -63,3 +63,4 @@ openssl-1.0.0a-usa.tar.bz2
/openssl-3.2.1.tar.gz
/openssl-3.2.2.tar.gz
/openssl-3.2.4.tar.gz
+/openssl-3.5.0-alpha1.tar.gz
diff --git a/0001-Aarch64-and-ppc64le-use-lib64.patch b/0001-Aarch64-and-ppc64le-use-lib64.patch
deleted file mode 100644
index e5d23ba..0000000
--- a/0001-Aarch64-and-ppc64le-use-lib64.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 603a35802319c0459737e3f067369ceb990fe2e6 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu, 24 Sep 2020 09:01:41 +0200
-Subject: Aarch64 and ppc64le use lib64
-
-(Was openssl-1.1.1-build.patch)
----
- Configurations/10-main.conf | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
-index d7580bf3e1..a7dbfd7f40 100644
---- a/Configurations/10-main.conf
-+++ b/Configurations/10-main.conf
-@@ -723,6 +723,7 @@ my %targets = (
- lib_cppflags => add("-DL_ENDIAN"),
- asm_arch => 'ppc64',
- perlasm_scheme => "linux64le",
-+ multilib => "64",
- },
-
- "linux-armv4" => {
-@@ -765,6 +766,7 @@ my %targets = (
- inherit_from => [ "linux-generic64" ],
- asm_arch => 'aarch64',
- perlasm_scheme => "linux64",
-+ multilib => "64",
- },
- "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
- inherit_from => [ "linux-generic32" ],
---
-2.26.2
-
diff --git a/0001-RH-Aarch64-and-ppc64le-use-lib64.patch b/0001-RH-Aarch64-and-ppc64le-use-lib64.patch
new file mode 100644
index 0000000..5a12a8f
--- /dev/null
+++ b/0001-RH-Aarch64-and-ppc64le-use-lib64.patch
@@ -0,0 +1,38 @@
+From 8fea6f96755fd2fac7c6359ca229ff506b74611b Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:14 +0100
+Subject: [PATCH 01/49] RH: Aarch64 and ppc64le use lib64
+
+Patch-name: 0001-Aarch64-and-ppc64le-use-lib64.patch
+Patch-id: 1
+Patch-status: |
+ # # Patches exported from source git
+ # # Aarch64 and ppc64le use lib64
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ Configurations/10-main.conf | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
+index cba57b4127..3e327017ef 100644
+--- a/Configurations/10-main.conf
++++ b/Configurations/10-main.conf
+@@ -726,6 +726,7 @@ my %targets = (
+ lib_cppflags => add("-DL_ENDIAN"),
+ asm_arch => 'ppc64',
+ perlasm_scheme => "linux64le",
++ multilib => "64",
+ },
+
+ "linux-armv4" => {
+@@ -768,6 +769,7 @@ my %targets = (
+ inherit_from => [ "linux-generic64" ],
+ asm_arch => 'aarch64',
+ perlasm_scheme => "linux64",
++ multilib => "64",
+ },
+ "linux-arm64ilp32" => { # https://wiki.linaro.org/Platform/arm64-ilp32
+ inherit_from => [ "linux-generic32" ],
+--
+2.48.1
+
diff --git a/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
new file mode 100644
index 0000000..aec6918
--- /dev/null
+++ b/0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
@@ -0,0 +1,419 @@
+From 4cb002a0c3b87ce4f92c3ad00bbc5d8936623b17 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Thu, 6 Mar 2025 08:40:29 -0500
+Subject: [PATCH 02/49] Add a separate config file to use for rpm installs
+
+In RHEL/Fedora systems we want to use a slightly different set
+of defaults, but we do not want to change the standard config file
+because there are many assumptions about its configuration in
+openssl upstream tests.
+
+So we create a separate one to use to override the default on on
+installation.
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ rh-openssl.cnf | 391 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 391 insertions(+)
+ create mode 100644 rh-openssl.cnf
+
+diff --git a/rh-openssl.cnf b/rh-openssl.cnf
+new file mode 100644
+index 0000000000..caaa33808d
+--- /dev/null
++++ b/rh-openssl.cnf
+@@ -0,0 +1,391 @@
++#
++# OpenSSL example configuration file.
++# See doc/man5/config.pod for more info.
++#
++# This is mostly being used for generation of certificate requests,
++# but may be used for auto loading of providers
++
++# Note that you can include other files from the main configuration
++# file using the .include directive.
++#.include filename
++
++# This definition stops the following lines choking if HOME isn't
++# defined.
++HOME = .
++
++# Use this in order to automatically load providers.
++openssl_conf = openssl_init
++
++# Comment out the next line to ignore configuration errors
++config_diagnostics = 1
++
++# Extra OBJECT IDENTIFIER info:
++# oid_file = $ENV::HOME/.oid
++oid_section = new_oids
++
++# To use this configuration file with the "-extfile" option of the
++# "openssl x509" utility, name here the section containing the
++# X.509v3 extensions to use:
++# extensions =
++# (Alternatively, use a configuration file that has only
++# X.509v3 extensions in its main [= default] section.)
++
++[ new_oids ]
++# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
++# Add a simple OID like this:
++# testoid1=1.2.3.4
++# Or use config file substitution like this:
++# testoid2=${testoid1}.5.6
++
++# Policies used by the TSA examples.
++tsa_policy1 = 1.2.3.4.1
++tsa_policy2 = 1.2.3.4.5.6
++tsa_policy3 = 1.2.3.4.5.7
++
++# For FIPS
++# Optionally include a file that is generated by the OpenSSL fipsinstall
++# application. This file contains configuration data required by the OpenSSL
++# fips provider. It contains a named section e.g. [fips_sect] which is
++# referenced from the [provider_sect] below.
++# Refer to the OpenSSL security policy for more information.
++# .include fipsmodule.cnf
++
++[openssl_init]
++providers = provider_sect
++
++# List of providers to load
++[provider_sect]
++default = default_sect
++# The fips section name should match the section name inside the
++# included fipsmodule.cnf.
++# fips = fips_sect
++
++# If no providers are activated explicitly, the default one is activated implicitly.
++# See man 7 OSSL_PROVIDER-default for more details.
++#
++# If you add a section explicitly activating any other provider(s), you most
++# probably need to explicitly activate the default provider, otherwise it
++# becomes unavailable in openssl. As a consequence applications depending on
++# OpenSSL may not work correctly which could lead to significant system
++# problems including inability to remotely access the system.
++[default_sect]
++# activate = 1
++
++
++####################################################################
++[ ca ]
++default_ca = CA_default # The default ca section
++
++####################################################################
++[ CA_default ]
++
++dir = ./demoCA # Where everything is kept
++certs = $dir/certs # Where the issued certs are kept
++crl_dir = $dir/crl # Where the issued crl are kept
++database = $dir/index.txt # database index file.
++#unique_subject = no # Set to 'no' to allow creation of
++ # several certs with same subject.
++new_certs_dir = $dir/newcerts # default place for new certs.
++
++certificate = $dir/cacert.pem # The CA certificate
++serial = $dir/serial # The current serial number
++crlnumber = $dir/crlnumber # the current crl number
++ # must be commented out to leave a V1 CRL
++crl = $dir/crl.pem # The current CRL
++private_key = $dir/private/cakey.pem # The private key
++
++x509_extensions = usr_cert # The extensions to add to the cert
++
++# Comment out the following two lines for the "traditional"
++# (and highly broken) format.
++name_opt = ca_default # Subject Name options
++cert_opt = ca_default # Certificate field options
++
++# Extension copying option: use with caution.
++# copy_extensions = copy
++
++# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
++# so this is commented out by default to leave a V1 CRL.
++# crlnumber must also be commented out to leave a V1 CRL.
++# crl_extensions = crl_ext
++
++default_days = 365 # how long to certify for
++default_crl_days= 30 # how long before next CRL
++default_md = default # use public key default MD
++preserve = no # keep passed DN ordering
++
++# A few difference way of specifying how similar the request should look
++# For type CA, the listed attributes must be the same, and the optional
++# and supplied fields are just that :-)
++policy = policy_match
++
++# For the CA policy
++[ policy_match ]
++countryName = match
++stateOrProvinceName = match
++organizationName = match
++organizationalUnitName = optional
++commonName = supplied
++emailAddress = optional
++
++# For the 'anything' policy
++# At this point in time, you must list all acceptable 'object'
++# types.
++[ policy_anything ]
++countryName = optional
++stateOrProvinceName = optional
++localityName = optional
++organizationName = optional
++organizationalUnitName = optional
++commonName = supplied
++emailAddress = optional
++
++####################################################################
++[ req ]
++default_bits = 2048
++default_keyfile = privkey.pem
++distinguished_name = req_distinguished_name
++attributes = req_attributes
++x509_extensions = v3_ca # The extensions to add to the self signed cert
++
++# Passwords for private keys if not present they will be prompted for
++# input_password = secret
++# output_password = secret
++
++# This sets a mask for permitted string types. There are several options.
++# default: PrintableString, T61String, BMPString.
++# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
++# utf8only: only UTF8Strings (PKIX recommendation after 2004).
++# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
++# MASK:XXXX a literal mask value.
++# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
++string_mask = utf8only
++
++# req_extensions = v3_req # The extensions to add to a certificate request
++
++[ req_distinguished_name ]
++countryName = Country Name (2 letter code)
++countryName_default = XX
++countryName_min = 2
++countryName_max = 2
++
++stateOrProvinceName = State or Province Name (full name)
++#stateOrProvinceName_default = Default Province
++
++localityName = Locality Name (eg, city)
++localityName_default = Default City
++
++0.organizationName = Organization Name (eg, company)
++0.organizationName_default = Default Company Ltd
++
++# we can do this but it is not needed normally :-)
++#1.organizationName = Second Organization Name (eg, company)
++#1.organizationName_default = World Wide Web Pty Ltd
++
++organizationalUnitName = Organizational Unit Name (eg, section)
++#organizationalUnitName_default =
++
++commonName = Common Name (eg, your name or your server\'s hostname)
++commonName_max = 64
++
++emailAddress = Email Address
++emailAddress_max = 64
++
++# SET-ex3 = SET extension number 3
++
++[ req_attributes ]
++challengePassword = A challenge password
++challengePassword_min = 4
++challengePassword_max = 20
++
++unstructuredName = An optional company name
++
++[ usr_cert ]
++
++# These extensions are added when 'ca' signs a request.
++
++# This goes against PKIX guidelines but some CAs do it and some software
++# requires this to avoid interpreting an end user certificate as a CA.
++
++basicConstraints=CA:FALSE
++
++# This is typical in keyUsage for a client certificate.
++# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
++
++# PKIX recommendations harmless if included in all certificates.
++subjectKeyIdentifier=hash
++authorityKeyIdentifier=keyid,issuer
++
++# This stuff is for subjectAltName and issuerAltname.
++# Import the email address.
++# subjectAltName=email:copy
++# An alternative to produce certificates that aren't
++# deprecated according to PKIX.
++# subjectAltName=email:move
++
++# Copy subject details
++# issuerAltName=issuer:copy
++
++# This is required for TSA certificates.
++# extendedKeyUsage = critical,timeStamping
++
++[ v3_req ]
++
++# Extensions to add to a certificate request
++
++basicConstraints = CA:FALSE
++keyUsage = nonRepudiation, digitalSignature, keyEncipherment
++
++[ v3_ca ]
++
++
++# Extensions for a typical CA
++
++
++# PKIX recommendation.
++
++subjectKeyIdentifier=hash
++
++authorityKeyIdentifier=keyid:always,issuer
++
++basicConstraints = critical,CA:true
++
++# Key usage: this is typical for a CA certificate. However since it will
++# prevent it being used as an test self-signed certificate it is best
++# left out by default.
++# keyUsage = cRLSign, keyCertSign
++
++# Include email address in subject alt name: another PKIX recommendation
++# subjectAltName=email:copy
++# Copy issuer details
++# issuerAltName=issuer:copy
++
++# DER hex encoding of an extension: beware experts only!
++# obj=DER:02:03
++# Where 'obj' is a standard or added object
++# You can even override a supported extension:
++# basicConstraints= critical, DER:30:03:01:01:FF
++
++[ crl_ext ]
++
++# CRL extensions.
++# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
++
++# issuerAltName=issuer:copy
++authorityKeyIdentifier=keyid:always
++
++[ proxy_cert_ext ]
++# These extensions should be added when creating a proxy certificate
++
++# This goes against PKIX guidelines but some CAs do it and some software
++# requires this to avoid interpreting an end user certificate as a CA.
++
++basicConstraints=CA:FALSE
++
++# This is typical in keyUsage for a client certificate.
++# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
++
++# PKIX recommendations harmless if included in all certificates.
++subjectKeyIdentifier=hash
++authorityKeyIdentifier=keyid,issuer
++
++# This stuff is for subjectAltName and issuerAltname.
++# Import the email address.
++# subjectAltName=email:copy
++# An alternative to produce certificates that aren't
++# deprecated according to PKIX.
++# subjectAltName=email:move
++
++# Copy subject details
++# issuerAltName=issuer:copy
++
++# This really needs to be in place for it to be a proxy certificate.
++proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
++
++####################################################################
++[ tsa ]
++
++default_tsa = tsa_config1 # the default TSA section
++
++[ tsa_config1 ]
++
++# These are used by the TSA reply generation only.
++dir = ./demoCA # TSA root directory
++serial = $dir/tsaserial # The current serial number (mandatory)
++crypto_device = builtin # OpenSSL engine to use for signing
++signer_cert = $dir/tsacert.pem # The TSA signing certificate
++ # (optional)
++certs = $dir/cacert.pem # Certificate chain to include in reply
++ # (optional)
++signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
++signer_digest = sha256 # Signing digest to use. (Optional)
++default_policy = tsa_policy1 # Policy if request did not specify it
++ # (optional)
++other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
++digests = sha1, sha256, sha384, sha512 # Acceptable message digests (mandatory)
++accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
++clock_precision_digits = 0 # number of digits after dot. (optional)
++ordering = yes # Is ordering defined for timestamps?
++ # (optional, default: no)
++tsa_name = yes # Must the TSA name be included in the reply?
++ # (optional, default: no)
++ess_cert_id_chain = no # Must the ESS cert id chain be included?
++ # (optional, default: no)
++ess_cert_id_alg = sha256 # algorithm to compute certificate
++ # identifier (optional, default: sha256)
++
++[insta] # CMP using Insta Demo CA
++# Message transfer
++server = pki.certificate.fi:8700
++# proxy = # set this as far as needed, e.g., http://192.168.1.1:8080
++# tls_use = 0
++path = pkix/
++
++# Server authentication
++recipient = "/C=FI/O=Insta Demo/CN=Insta Demo CA" # or set srvcert or issuer
++ignore_keyusage = 1 # potentially needed quirk
++unprotected_errors = 1 # potentially needed quirk
++extracertsout = insta.extracerts.pem
++
++# Client authentication
++ref = 3078 # user identification
++secret = pass:insta # can be used for both client and server side
++
++# Generic message options
++cmd = ir # default operation, can be overridden on cmd line with, e.g., kur
++
++# Certificate enrollment
++subject = "/CN=openssl-cmp-test"
++newkey = insta.priv.pem
++out_trusted = apps/insta.ca.crt # does not include keyUsage digitalSignature
++certout = insta.cert.pem
++
++[pbm] # Password-based protection for Insta CA
++# Server and client authentication
++ref = $insta::ref # 3078
++secret = $insta::secret # pass:insta
++
++[signature] # Signature-based protection for Insta CA
++# Server authentication
++trusted = $insta::out_trusted # apps/insta.ca.crt
++
++# Client authentication
++secret = # disable PBM
++key = $insta::newkey # insta.priv.pem
++cert = $insta::certout # insta.cert.pem
++
++[ir]
++cmd = ir
++
++[cr]
++cmd = cr
++
++[kur]
++# Certificate update
++cmd = kur
++oldcert = $insta::certout # insta.cert.pem
++
++[rr]
++# Certificate revocation
++cmd = rr
++oldcert = $insta::certout # insta.cert.pem
+--
+2.48.1
+
diff --git a/0002-Use-more-general-default-values-in-openssl.cnf.patch b/0002-Use-more-general-default-values-in-openssl.cnf.patch
deleted file mode 100644
index 83ed599..0000000
--- a/0002-Use-more-general-default-values-in-openssl.cnf.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From 41df9ae215cee9574e17e6f887c96a7c97d588f5 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu, 24 Sep 2020 09:03:40 +0200
-Subject: Use more general default values in openssl.cnf
-
-Also set sha256 as default hash, although that should not be
-necessary anymore.
-
-(was openssl-1.1.1-defaults.patch)
----
- apps/openssl.cnf | 12 +++++++-----
- 1 file changed, 7 insertions(+), 5 deletions(-)
-
-diff --git a/apps/openssl.cnf b/apps/openssl.cnf
-index 97567a67be..eb25a0ac48 100644
---- a/apps/openssl.cnf
-+++ b/apps/openssl.cnf
-@@ -104,7 +104,7 @@ cert_opt = ca_default # Certificate field options
-
- default_days = 365 # how long to certify for
- default_crl_days= 30 # how long before next CRL
--default_md = default # use public key default MD
-+default_md = sha256 # use SHA-256 by default
- preserve = no # keep passed DN ordering
-
- # A few difference way of specifying how similar the request should look
-@@ -136,6 +136,7 @@ emailAddress = optional
- ####################################################################
- [ req ]
- default_bits = 2048
-+default_md = sha256
- default_keyfile = privkey.pem
- distinguished_name = req_distinguished_name
- attributes = req_attributes
-@@ -158,17 +159,18 @@ string_mask = utf8only
-
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
--countryName_default = AU
-+countryName_default = XX
- countryName_min = 2
- countryName_max = 2
-
- stateOrProvinceName = State or Province Name (full name)
--stateOrProvinceName_default = Some-State
-+#stateOrProvinceName_default = Default Province
-
- localityName = Locality Name (eg, city)
-+localityName_default = Default City
-
- 0.organizationName = Organization Name (eg, company)
--0.organizationName_default = Internet Widgits Pty Ltd
-+0.organizationName_default = Default Company Ltd
-
- # we can do this but it is not needed normally :-)
- #1.organizationName = Second Organization Name (eg, company)
-@@ -177,7 +179,7 @@ localityName = Locality Name (eg, city)
- organizationalUnitName = Organizational Unit Name (eg, section)
- #organizationalUnitName_default =
-
--commonName = Common Name (e.g. server FQDN or YOUR name)
-+commonName = Common Name (eg, your name or your server\'s hostname)
- commonName_max = 64
-
- emailAddress = Email Address
---
-2.26.2
-
diff --git a/0003-Do-not-install-html-docs.patch b/0003-Do-not-install-html-docs.patch
deleted file mode 100644
index 6be6e68..0000000
--- a/0003-Do-not-install-html-docs.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From a3e7963320ba44e96a60b389fccb8e1cccc30674 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Thu, 19 Oct 2023 13:12:39 +0200
-Subject: [PATCH 03/46] 0003-Do-not-install-html-docs.patch
-
-Patch-name: 0003-Do-not-install-html-docs.patch
-Patch-id: 3
-Patch-status: |
- # # Do not install html docs
-From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
----
- Configurations/unix-Makefile.tmpl | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index a48fae5fb8..56b42926e7 100644
---- a/Configurations/unix-Makefile.tmpl
-+++ b/Configurations/unix-Makefile.tmpl
-@@ -611,7 +611,7 @@ install_sw: install_dev install_engines install_modules install_runtime
-
- uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev ## Uninstall the software and libraries
-
--install_docs: install_man_docs install_html_docs ## Install manpages and HTML documentation
-+install_docs: install_man_docs ## Install manpages
-
- uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and HTML documentation
- $(RM) -r "$(DESTDIR)$(DOCDIR)"
---
-2.41.0
-
diff --git a/0003-RH-Do-not-install-html-docs.patch b/0003-RH-Do-not-install-html-docs.patch
new file mode 100644
index 0000000..689e63e
--- /dev/null
+++ b/0003-RH-Do-not-install-html-docs.patch
@@ -0,0 +1,30 @@
+From 4e6ed67273c67ccc84f25b5b2d181475a95433a6 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:14 +0100
+Subject: [PATCH 03/49] RH: Do not install html docs
+
+Patch-name: 0003-Do-not-install-html-docs.patch
+Patch-id: 3
+Patch-status: |
+ # # Do not install html docs
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ Configurations/unix-Makefile.tmpl | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index e85763ccf8..8a829be037 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -658,7 +658,7 @@ install_sw: install_dev install_engines install_modules install_runtime ## Insta
+
+ uninstall_sw: uninstall_runtime uninstall_modules uninstall_engines uninstall_dev ## Uninstall the software and libraries
+
+-install_docs: install_man_docs install_html_docs ## Install manpages and HTML documentation
++install_docs: install_man_docs ## Install manpages
+
+ uninstall_docs: uninstall_man_docs uninstall_html_docs ## Uninstall manpages and HTML documentation
+ $(RM) -r "$(DESTDIR)$(DOCDIR)"
+--
+2.48.1
+
diff --git a/0004-Override-default-paths-for-the-CA-directory-tree.patch b/0004-Override-default-paths-for-the-CA-directory-tree.patch
deleted file mode 100644
index 558fc62..0000000
--- a/0004-Override-default-paths-for-the-CA-directory-tree.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-From cb180c186ddcd46f3ffe13468d8ac4dff680b03e Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 8 Jul 2024 11:30:24 +0200
-Subject: [PATCH 04/50]
- 0004-Override-default-paths-for-the-CA-directory-tree.patch
-
-Patch-name: 0004-Override-default-paths-for-the-CA-directory-tree.patch
-Patch-id: 4
-Patch-status: |
- # Override default paths for the CA directory tree
-From-dist-git-commit: e67e9d9c40cd2cb9547e539c658e2b63f2736762
----
- apps/CA.pl.in | 2 +-
- apps/openssl.cnf | 18 ++++++++++++++++--
- 2 files changed, 17 insertions(+), 3 deletions(-)
-
-diff --git a/apps/CA.pl.in b/apps/CA.pl.in
-index 2c31ee6c8d..009eafe685 100644
---- a/apps/CA.pl.in
-+++ b/apps/CA.pl.in
-@@ -29,7 +29,7 @@ my $X509 = "$openssl x509";
- my $PKCS12 = "$openssl pkcs12";
-
- # Default values for various configuration settings.
--my $CATOP = "./demoCA";
-+my $CATOP = "/etc/pki/CA";
- my $CAKEY = "cakey.pem";
- my $CAREQ = "careq.pem";
- my $CACERT = "cacert.pem";
-diff --git a/apps/openssl.cnf b/apps/openssl.cnf
-index 00f0d24673..3ec80986b7 100644
---- a/apps/openssl.cnf
-+++ b/apps/openssl.cnf
-@@ -52,6 +52,13 @@ tsa_policy3 = 1.2.3.4.5.7
-
- [openssl_init]
- providers = provider_sect
-+# Load default TLS policy configuration
-+ssl_conf = ssl_module
-+alg_section = evp_properties
-+
-+[ evp_properties ]
-+#This section is intentionally added empty here
-+#to be tuned on particular systems
-
- # List of providers to load
- [provider_sect]
-@@ -71,6 +78,13 @@ default = default_sect
- [default_sect]
- # activate = 1
-
-+[ ssl_module ]
-+
-+system_default = crypto_policy
-+
-+[ crypto_policy ]
-+
-+.include = /etc/crypto-policies/back-ends/opensslcnf.config
-
- ####################################################################
- [ ca ]
-@@ -79,7 +93,7 @@ default_ca = CA_default # The default ca section
- ####################################################################
- [ CA_default ]
-
--dir = ./demoCA # Where everything is kept
-+dir = /etc/pki/CA # Where everything is kept
- certs = $dir/certs # Where the issued certs are kept
- crl_dir = $dir/crl # Where the issued crl are kept
- database = $dir/index.txt # database index file.
-@@ -311,7 +325,7 @@ default_tsa = tsa_config1 # the default TSA section
- [ tsa_config1 ]
-
- # These are used by the TSA reply generation only.
--dir = ./demoCA # TSA root directory
-+dir = /etc/pki/CA # TSA root directory
- serial = $dir/tsaserial # The current serial number (mandatory)
- crypto_device = builtin # OpenSSL engine to use for signing
- signer_cert = $dir/tsacert.pem # The TSA signing certificate
---
-2.41.0
-
diff --git a/0004-RH-Override-default-paths-for-the-CA-directory-tree.patch b/0004-RH-Override-default-paths-for-the-CA-directory-tree.patch
new file mode 100644
index 0000000..1859116
--- /dev/null
+++ b/0004-RH-Override-default-paths-for-the-CA-directory-tree.patch
@@ -0,0 +1,67 @@
+From 192868eb80b238bc3d503e770f9d92a8c5f52593 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:14 +0100
+Subject: [PATCH 04/49] RH: Override default paths for the CA directory tree
+
+Patch-name: 0004-Override-default-paths-for-the-CA-directory-tree.patch
+Patch-id: 4
+Patch-status: |
+ # # Override default paths for the CA directory tree
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ rh-openssl.cnf | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/rh-openssl.cnf b/rh-openssl.cnf
+index caaa33808d..f6e3b64bab 100644
+--- a/rh-openssl.cnf
++++ b/rh-openssl.cnf
+@@ -52,6 +52,13 @@ tsa_policy3 = 1.2.3.4.5.7
+
+ [openssl_init]
+ providers = provider_sect
++# Load default TLS policy configuration
++ssl_conf = ssl_module
++alg_section = evp_properties
++
++[ evp_properties ]
++#This section is intentionally added empty here
++#to be tuned on particular systems
+
+ # List of providers to load
+ [provider_sect]
+@@ -71,6 +78,13 @@ default = default_sect
+ [default_sect]
+ # activate = 1
+
++[ ssl_module ]
++
++system_default = crypto_policy
++
++[ crypto_policy ]
++
++.include = /etc/crypto-policies/back-ends/opensslcnf.config
+
+ ####################################################################
+ [ ca ]
+@@ -79,7 +93,7 @@ default_ca = CA_default # The default ca section
+ ####################################################################
+ [ CA_default ]
+
+-dir = ./demoCA # Where everything is kept
++dir = /etc/pki/CA # Where everything is kept
+ certs = $dir/certs # Where the issued certs are kept
+ crl_dir = $dir/crl # Where the issued crl are kept
+ database = $dir/index.txt # database index file.
+@@ -310,7 +324,7 @@ default_tsa = tsa_config1 # the default TSA section
+ [ tsa_config1 ]
+
+ # These are used by the TSA reply generation only.
+-dir = ./demoCA # TSA root directory
++dir = /etc/pki/CA # TSA root directory
+ serial = $dir/tsaserial # The current serial number (mandatory)
+ crypto_device = builtin # OpenSSL engine to use for signing
+ signer_cert = $dir/tsacert.pem # The TSA signing certificate
+--
+2.48.1
+
diff --git a/0005-RH-Instructions-to-load-legacy-provider.patch b/0005-RH-Instructions-to-load-legacy-provider.patch
new file mode 100644
index 0000000..1618f4a
--- /dev/null
+++ b/0005-RH-Instructions-to-load-legacy-provider.patch
@@ -0,0 +1,98 @@
+From 087f66226eb182d01c7fa87706940bf6d2a19b29 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 05/49] RH: Instructions to load legacy provider
+
+Patch-name: 0024-load-legacy-prov.patch
+Patch-id: 24
+Patch-status: |
+ # # Instructions to load legacy provider in openssl.cnf
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ doc/man5/config.pod | 8 ++++++++
+ rh-openssl.cnf | 40 +++++++++++++++++++---------------------
+ 2 files changed, 27 insertions(+), 21 deletions(-)
+
+diff --git a/doc/man5/config.pod b/doc/man5/config.pod
+index e24ea0c595..39fa468320 100644
+--- a/doc/man5/config.pod
++++ b/doc/man5/config.pod
+@@ -284,6 +284,14 @@ Note this setting defaults to off if not provided
+ All parameters in the section as well as sub-sections are made
+ available to the provider.
+
++=head3 Loading the legacy provider
++
++Uncomment the sections that start with ## in openssl.cnf
++to enable the legacy provider.
++Note: In general it is not recommended to use the above mentioned algorithms for
++security critical operations, as they are cryptographically weak or vulnerable
++to side-channel attacks and as such have been deprecated.
++
+ =head3 Default provider and its activation
+
+ If no providers are activated explicitly, the default one is activated implicitly.
+diff --git a/rh-openssl.cnf b/rh-openssl.cnf
+index f6e3b64bab..84a4ca5ee0 100644
+--- a/rh-openssl.cnf
++++ b/rh-openssl.cnf
+@@ -42,16 +42,17 @@ tsa_policy1 = 1.2.3.4.1
+ tsa_policy2 = 1.2.3.4.5.6
+ tsa_policy3 = 1.2.3.4.5.7
+
+-# For FIPS
+-# Optionally include a file that is generated by the OpenSSL fipsinstall
+-# application. This file contains configuration data required by the OpenSSL
+-# fips provider. It contains a named section e.g. [fips_sect] which is
+-# referenced from the [provider_sect] below.
+-# Refer to the OpenSSL security policy for more information.
+-# .include fipsmodule.cnf
+-
+ [openssl_init]
+ providers = provider_sect
++# Uncomment the sections that start with ## below to enable the legacy provider.
++# Loading the legacy provider enables support for the following algorithms:
++# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
++# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
++# Key Derivation Function (KDF): PBKDF1
++# In general it is not recommended to use the above mentioned algorithms for
++# security critical operations, as they are cryptographically weak or vulnerable
++# to side-channel attacks and as such have been deprecated.
++
+ # Load default TLS policy configuration
+ ssl_conf = ssl_module
+ alg_section = evp_properties
+@@ -63,20 +64,17 @@ alg_section = evp_properties
+ # List of providers to load
+ [provider_sect]
+ default = default_sect
+-# The fips section name should match the section name inside the
+-# included fipsmodule.cnf.
+-# fips = fips_sect
+-
+-# If no providers are activated explicitly, the default one is activated implicitly.
+-# See man 7 OSSL_PROVIDER-default for more details.
+-#
+-# If you add a section explicitly activating any other provider(s), you most
+-# probably need to explicitly activate the default provider, otherwise it
+-# becomes unavailable in openssl. As a consequence applications depending on
+-# OpenSSL may not work correctly which could lead to significant system
+-# problems including inability to remotely access the system.
++##legacy = legacy_sect
++##
+ [default_sect]
+-# activate = 1
++activate = 1
++
++##[legacy_sect]
++##activate = 1
++
++#Place the third party provider configuration files into this folder
++.include /etc/pki/tls/openssl.d
++
+
+ [ ssl_module ]
+
+--
+2.48.1
+
diff --git a/0005-apps-ca-fix-md-option-help-text.patch b/0005-apps-ca-fix-md-option-help-text.patch
deleted file mode 100644
index 1fed4c4..0000000
--- a/0005-apps-ca-fix-md-option-help-text.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 3d8fa9859501b07e02b76b5577e2915d5851e927 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu, 24 Sep 2020 09:27:18 +0200
-Subject: apps/ca: fix md option help text
-
-upstreamable
-
-(was openssl-1.1.1-apps-dgst.patch)
----
- apps/ca.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/apps/ca.c b/apps/ca.c
-index 0f21b4fa1c..3d4b2c1673 100755
---- a/apps/ca.c
-+++ b/apps/ca.c
-@@ -209,7 +209,7 @@ const OPTIONS ca_options[] = {
- {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
-
- OPT_SECTION("Signing"),
-- {"md", OPT_MD, 's', "Digest to use, such as sha256"},
-+ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"},
- {"keyfile", OPT_KEYFILE, 's', "The CA private key"},
- {"keyform", OPT_KEYFORM, 'f',
- "Private key file format (ENGINE, other values ignored)"},
---
-2.26.2
-
diff --git a/0006-Disable-signature-verification-with-totally-unsafe-h.patch b/0006-Disable-signature-verification-with-totally-unsafe-h.patch
deleted file mode 100644
index f9dd2dd..0000000
--- a/0006-Disable-signature-verification-with-totally-unsafe-h.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 3f9deff30ae6efbfe979043b00cdf649b39793c0 Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tmraz@fedoraproject.org>
-Date: Thu, 24 Sep 2020 09:51:34 +0200
-Subject: Disable signature verification with totally unsafe hash algorithms
-
-(was openssl-1.1.1-no-weak-verify.patch)
----
- crypto/asn1/a_verify.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
-diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
-index b7eed914b0..af62f0ef08 100644
---- a/crypto/asn1/a_verify.c
-+++ b/crypto/asn1/a_verify.c
-@@ -152,6 +152,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
- ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
- if (ret <= 1)
- goto err;
-+ } else if ((mdnid == NID_md5
-+ && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
-+ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
-+ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
-+ goto err;
- } else {
- const EVP_MD *type = NULL;
-
---
-2.26.2
-
diff --git a/0006-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch b/0006-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch
new file mode 100644
index 0000000..82bd463
--- /dev/null
+++ b/0006-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch
@@ -0,0 +1,30 @@
+From 1656e32a95faf095f8163b0c11ca4f2db0fae63a Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:14 +0100
+Subject: [PATCH 06/49] RH: apps ca fix md option help text.patch - DROP?
+
+Patch-name: 0005-apps-ca-fix-md-option-help-text.patch
+Patch-id: 5
+Patch-status: |
+ # # apps/ca: fix md option help text
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ apps/ca.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/apps/ca.c b/apps/ca.c
+index 6d1d1c0a6e..a7553ba609 100644
+--- a/apps/ca.c
++++ b/apps/ca.c
+@@ -216,7 +216,7 @@ const OPTIONS ca_options[] = {
+ {"noemailDN", OPT_NOEMAILDN, '-', "Don't add the EMAIL field to the DN"},
+
+ OPT_SECTION("Signing"),
+- {"md", OPT_MD, 's', "Digest to use, such as sha256"},
++ {"md", OPT_MD, 's', "Digest to use, such as sha256; see openssl help for list"},
+ {"keyfile", OPT_KEYFILE, 's', "The CA private key"},
+ {"keyform", OPT_KEYFORM, 'f',
+ "Private key file format (ENGINE, other values ignored)"},
+--
+2.48.1
+
diff --git a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch b/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
deleted file mode 100644
index 83d5c23..0000000
--- a/0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+++ /dev/null
@@ -1,314 +0,0 @@
-From 8be4ef77c64fcada41041c00e02c34b07658ba66 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:14 +0100
-Subject: [PATCH 07/49]
- 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
-
-Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
-Patch-id: 7
-Patch-status: |
- # # Add support for PROFILE=SYSTEM system default cipherlist
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- Configurations/unix-Makefile.tmpl | 5 ++
- Configure | 11 +++-
- doc/man1/openssl-ciphers.pod.in | 9 ++++
- include/openssl/ssl.h.in | 5 ++
- ssl/ssl_ciph.c | 86 +++++++++++++++++++++++++++----
- ssl/ssl_lib.c | 4 +-
- test/cipherlist_test.c | 2 +
- 7 files changed, 109 insertions(+), 13 deletions(-)
-
-diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
-index 5d61ce9550..e9fba957f1 100644
---- a/Configurations/unix-Makefile.tmpl
-+++ b/Configurations/unix-Makefile.tmpl
-@@ -324,6 +324,10 @@ MANDIR=$(INSTALLTOP)/share/man
- DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
- HTMLDIR=$(DOCDIR)/html
-
-+{- output_off() if $config{system_ciphers_file} eq ""; "" -}
-+SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\""
-+{- output_on() if $config{system_ciphers_file} eq ""; "" -}
-+
- # MANSUFFIX is for the benefit of anyone who may want to have a suffix
- # appended after the manpage file section number. "ssl" is popular,
- # resulting in files such as config.5ssl rather than config.5.
-@@ -347,6 +351,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
- CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
- CPPFLAGS={- our $cppflags1 = join(" ",
- (map { "-D".$_} @{$config{CPPDEFINES}}),
-+ "\$(SYSTEM_CIPHERS_FILE_DEFINE)",
- (map { "-I".$_} @{$config{CPPINCLUDES}}),
- @{$config{CPPFLAGS}}) -}
- CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
-diff --git a/Configure b/Configure
-index cca1ac8d16..2ae1cd0bc2 100755
---- a/Configure
-+++ b/Configure
-@@ -27,7 +27,7 @@ use OpenSSL::config;
- my $orig_death_handler = $SIG{__DIE__};
- $SIG{__DIE__} = \&death_handler;
-
--my $usage="Usage: Configure [no-<feature> ...] [enable-<feature> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]thread-pool] [[no-]default-thread-pool] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
-+my $usage="Usage: Configure [no-<feature> ...] [enable-<feature> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]thread-pool] [[no-]default-thread-pool] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
-
- my $banner = <<"EOF";
-
-@@ -61,6 +61,10 @@ EOF
- # given with --prefix.
- # This becomes the value of OPENSSLDIR in Makefile and in C.
- # (Default: PREFIX/ssl)
-+#
-+# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
-+# cipher is specified (default).
-+#
- # --banner=".." Output specified text instead of default completion banner
- #
- # -w Don't wait after showing a Configure warning
-@@ -394,6 +398,7 @@ $config{prefix}="";
- $config{openssldir}="";
- $config{processor}="";
- $config{libdir}="";
-+$config{system_ciphers_file}="";
- my $auto_threads=1; # enable threads automatically? true by default
- my $default_ranlib;
-
-@@ -1047,6 +1052,10 @@ while (@argvcopy)
- die "FIPS key too long (64 bytes max)\n"
- if length $1 > 64;
- }
-+ elsif (/^--system-ciphers-file=(.*)$/)
-+ {
-+ $config{system_ciphers_file}=$1;
-+ }
- elsif (/^--banner=(.*)$/)
- {
- $banner = $1 . "\n";
-diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
-index d4df30686f..cec4835268 100644
---- a/doc/man1/openssl-ciphers.pod.in
-+++ b/doc/man1/openssl-ciphers.pod.in
-@@ -190,6 +190,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
-
- The cipher suites not enabled by B<ALL>, currently B<eNULL>.
-
-+=item B<PROFILE=SYSTEM>
-+
-+The list of enabled cipher suites will be loaded from the system crypto policy
-+configuration file B</etc/crypto-policies/back-ends/opensslcnf.config>.
-+See also L<update-crypto-policies(8)>.
-+This is the default behavior unless an application explicitly sets a cipher
-+list. If used in a cipher list configuration value this string must be at the
-+beginning of the cipher list, otherwise it will not be recognized.
-+
- =item B<HIGH>
-
- "High" encryption cipher suites. This currently means those with key lengths
-diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
-index 9f91039f8a..fc34d4ca61 100644
---- a/include/openssl/ssl.h.in
-+++ b/include/openssl/ssl.h.in
-@@ -209,6 +209,11 @@ extern "C" {
- * throwing out anonymous and unencrypted ciphersuites! (The latter are not
- * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
- */
-+# ifdef SYSTEM_CIPHERS_FILE
-+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
-+# else
-+# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
-+# endif
-
- /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
- # define SSL_SENT_SHUTDOWN 1
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 8360991ce4..33c23efb0d 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -1455,6 +1455,49 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
- return ret;
- }
-
-+#ifdef SYSTEM_CIPHERS_FILE
-+static char *load_system_str(const char *suffix)
-+{
-+ char buf[1024];
-+ char *new_rules;
-+ const char *ciphers_path;
-+ unsigned len, slen;
-+
-+ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
-+ ciphers_path = SYSTEM_CIPHERS_FILE;
-+ ERR_set_mark();
-+ if (access(ciphers_path, R_OK) == 0) {
-+ CONF *conf = NCONF_new_ex(NULL, NCONF_default());
-+ char *value = NULL;
-+
-+ if (NCONF_load(conf, ciphers_path, NULL) > 0)
-+ value = NCONF_get_string(conf, "global", "CipherString");
-+
-+ snprintf(buf, sizeof(buf), "%s", value ? value : SSL_DEFAULT_CIPHER_LIST);
-+
-+ NCONF_free(conf);
-+ } else {
-+ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
-+ }
-+ ERR_pop_to_mark();
-+ slen = strlen(suffix);
-+ len = strlen(buf);
-+
-+ new_rules = OPENSSL_zalloc(len + slen + 1);
-+ if (new_rules == NULL)
-+ return NULL;
-+
-+ memcpy(new_rules, buf, len);
-+ if (slen > 0) {
-+ memcpy(&new_rules[len], suffix, slen);
-+ len += slen;
-+ }
-+ new_rules[len] = 0;
-+
-+ return new_rules;
-+}
-+#endif
-+
- STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
- STACK_OF(SSL_CIPHER) **cipher_list,
-@@ -1469,15 +1516,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
- const SSL_CIPHER **ca_list = NULL;
- const SSL_METHOD *ssl_method = ctx->method;
-+#ifdef SYSTEM_CIPHERS_FILE
-+ char *new_rules = NULL;
-+
-+ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
-+ const char *p = rule_str + 14;
-+
-+ new_rules = load_system_str(p);
-+ rule_str = new_rules;
-+ }
-+#endif
-
- /*
- * Return with error if nothing to do.
- */
- if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
-- return NULL;
-+ goto err;
-
- if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
-- return NULL;
-+ goto err;
-
- /*
- * To reduce the work to do we only want to process the compiled
-@@ -1499,7 +1556,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- if (num_of_ciphers > 0) {
- co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
- if (co_list == NULL)
-- return NULL; /* Failure */
-+ goto err;
- }
-
- ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-@@ -1565,8 +1622,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- * in force within each class
- */
- if (!ssl_cipher_strength_sort(&head, &tail)) {
-- OPENSSL_free(co_list);
-- return NULL;
-+ goto err;
- }
-
- /*
-@@ -1611,8 +1667,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
- ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
- if (ca_list == NULL) {
-- OPENSSL_free(co_list);
-- return NULL; /* Failure */
-+ goto err;
- }
- ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
- disabled_mkey, disabled_auth, disabled_enc,
-@@ -1637,8 +1693,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- OPENSSL_free(ca_list); /* Not needed anymore */
-
- if (!ok) { /* Rule processing failure */
-- OPENSSL_free(co_list);
-- return NULL;
-+ goto err;
- }
-
- /*
-@@ -1646,10 +1701,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- * if we cannot get one.
- */
- if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
-- OPENSSL_free(co_list);
-- return NULL;
-+ goto err;
- }
-
-+#ifdef SYSTEM_CIPHERS_FILE
-+ OPENSSL_free(new_rules); /* Not needed anymore */
-+#endif
-+
- /* Add TLSv1.3 ciphers first - we always prefer those if possible */
- for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
- const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
-@@ -1701,6 +1759,14 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
- *cipher_list = cipherstack;
-
- return cipherstack;
-+
-+err:
-+ OPENSSL_free(co_list);
-+#ifdef SYSTEM_CIPHERS_FILE
-+ OPENSSL_free(new_rules);
-+#endif
-+ return NULL;
-+
- }
-
- char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
-diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
-index cf59d2dfa5..1329841aaf 100644
---- a/ssl/ssl_lib.c
-+++ b/ssl/ssl_lib.c
-@@ -700,7 +700,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
- ctx->tls13_ciphersuites,
- &(ctx->cipher_list),
- &(ctx->cipher_list_by_id),
-- OSSL_default_cipher_list(), ctx->cert);
-+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
- if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
- ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
- return 0;
-@@ -3966,7 +3966,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
- if (!ssl_create_cipher_list(ret,
- ret->tls13_ciphersuites,
- &ret->cipher_list, &ret->cipher_list_by_id,
-- OSSL_default_cipher_list(), ret->cert)
-+ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
- || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
- ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
- goto err;
-diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
-index c46e431b00..19d05e860b 100644
---- a/test/cipherlist_test.c
-+++ b/test/cipherlist_test.c
-@@ -261,7 +261,9 @@ end:
-
- int setup_tests(void)
- {
-+#ifndef SYSTEM_CIPHERS_FILE
- ADD_TEST(test_default_cipherlist_implicit);
-+#endif
- ADD_TEST(test_default_cipherlist_explicit);
- ADD_TEST(test_default_cipherlist_clear);
- ADD_TEST(test_stdname_cipherlist);
---
-2.44.0
-
diff --git a/0007-RH-Disable-signature-verification-with-bad-digests-R.patch b/0007-RH-Disable-signature-verification-with-bad-digests-R.patch
new file mode 100644
index 0000000..b94cca5
--- /dev/null
+++ b/0007-RH-Disable-signature-verification-with-bad-digests-R.patch
@@ -0,0 +1,34 @@
+From 5b0297ece990b589417252b771547dd046f802d8 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:14 +0100
+Subject: [PATCH 07/49] RH: Disable signature verification with bad digests -
+ REVIEW
+
+Patch-name: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
+Patch-id: 6
+Patch-status: |
+ # # Disable signature verification with totally unsafe hash algorithms
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ crypto/asn1/a_verify.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c
+index f6cac80962..fbc6ce6e30 100644
+--- a/crypto/asn1/a_verify.c
++++ b/crypto/asn1/a_verify.c
+@@ -151,6 +151,11 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
+ ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB);
+ if (ret <= 1)
+ goto err;
++ } else if ((mdnid == NID_md5
++ && ossl_safe_getenv("OPENSSL_ENABLE_MD5_VERIFY") == NULL) ||
++ mdnid == NID_md4 || mdnid == NID_md2 || mdnid == NID_sha) {
++ ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
++ goto err;
+ } else {
+ const EVP_MD *type = NULL;
+
+--
+2.48.1
+
diff --git a/0008-Add-FIPS_mode-compatibility-macro.patch b/0008-Add-FIPS_mode-compatibility-macro.patch
deleted file mode 100644
index c05aa79..0000000
--- a/0008-Add-FIPS_mode-compatibility-macro.patch
+++ /dev/null
@@ -1,83 +0,0 @@
-From 8e29a10b39a649d751870eb1fd1b8c388e66acc3 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:27 +0200
-Subject: [PATCH 08/35] 0008-Add-FIPS_mode-compatibility-macro.patch
-
-Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
-Patch-id: 8
-Patch-status: |
- # Add FIPS_mode() compatibility macro
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
----
- include/openssl/fips.h | 26 ++++++++++++++++++++++++++
- test/property_test.c | 14 ++++++++++++++
- 2 files changed, 40 insertions(+)
- create mode 100644 include/openssl/fips.h
-
-diff --git a/include/openssl/fips.h b/include/openssl/fips.h
-new file mode 100644
-index 0000000000..4162cbf88e
---- /dev/null
-+++ b/include/openssl/fips.h
-@@ -0,0 +1,26 @@
-+/*
-+ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#ifndef OPENSSL_FIPS_H
-+# define OPENSSL_FIPS_H
-+# pragma once
-+
-+# include <openssl/evp.h>
-+# include <openssl/macros.h>
-+
-+# ifdef __cplusplus
-+extern "C" {
-+# endif
-+
-+# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
-+
-+# ifdef __cplusplus
-+}
-+# endif
-+#endif
-diff --git a/test/property_test.c b/test/property_test.c
-index 45b1db3e85..8894c1c1cb 100644
---- a/test/property_test.c
-+++ b/test/property_test.c
-@@ -677,6 +677,19 @@ static int test_property_list_to_string(int i)
- return ret;
- }
-
-+#include <openssl/fips.h>
-+static int test_downstream_FIPS_mode(void)
-+{
-+ int ret = 0;
-+
-+ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
-+ && TEST_true(FIPS_mode())
-+ && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
-+ && TEST_false(FIPS_mode());
-+
-+ return ret;
-+}
-+
- int setup_tests(void)
- {
- ADD_TEST(test_property_string);
-@@ -690,6 +703,7 @@ int setup_tests(void)
- ADD_TEST(test_property);
- ADD_TEST(test_query_cache_stochastic);
- ADD_TEST(test_fips_mode);
-+ ADD_TEST(test_downstream_FIPS_mode);
- ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
- return 1;
- }
---
-2.41.0
-
diff --git a/0008-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch b/0008-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch
new file mode 100644
index 0000000..99776af
--- /dev/null
+++ b/0008-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch
@@ -0,0 +1,321 @@
+From 06f2a8530cd4d9849c538d5866be6b7c6aff5f72 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:14 +0100
+Subject: [PATCH 08/49] RH: Add support for PROFILE SYSTEM system default
+ cipher
+
+Patch-name: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
+Patch-id: 7
+Patch-status: |
+ # # Add support for PROFILE=SYSTEM system default cipherlist
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ Configurations/unix-Makefile.tmpl | 5 ++
+ Configure | 11 +++-
+ doc/man1/openssl-ciphers.pod.in | 9 ++++
+ include/openssl/ssl.h.in | 5 ++
+ ssl/ssl_ciph.c | 83 +++++++++++++++++++++++++++----
+ ssl/ssl_lib.c | 4 +-
+ test/cipherlist_test.c | 2 +
+ 7 files changed, 105 insertions(+), 14 deletions(-)
+
+diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl
+index 8a829be037..ba1266659a 100644
+--- a/Configurations/unix-Makefile.tmpl
++++ b/Configurations/unix-Makefile.tmpl
+@@ -344,6 +344,10 @@ MANDIR=$(INSTALLTOP)/share/man
+ DOCDIR=$(INSTALLTOP)/share/doc/$(BASENAME)
+ HTMLDIR=$(DOCDIR)/html
+
++{- output_off() if $config{system_ciphers_file} eq ""; "" -}
++SYSTEM_CIPHERS_FILE_DEFINE=-DSYSTEM_CIPHERS_FILE="\"{- $config{system_ciphers_file} -}\""
++{- output_on() if $config{system_ciphers_file} eq ""; "" -}
++
+ # MANSUFFIX is for the benefit of anyone who may want to have a suffix
+ # appended after the manpage file section number. "ssl" is popular,
+ # resulting in files such as config.5ssl rather than config.5.
+@@ -367,6 +371,7 @@ CC=$(CROSS_COMPILE){- $config{CC} -}
+ CXX={- $config{CXX} ? "\$(CROSS_COMPILE)$config{CXX}" : '' -}
+ CPPFLAGS={- our $cppflags1 = join(" ",
+ (map { "-D".$_} @{$config{CPPDEFINES}}),
++ "\$(SYSTEM_CIPHERS_FILE_DEFINE)",
+ (map { "-I".$_} @{$config{CPPINCLUDES}}),
+ @{$config{CPPFLAGS}}) -}
+ CFLAGS={- join(' ', @{$config{CFLAGS}}) -}
+diff --git a/Configure b/Configure
+index 15054f9403..7945d6b750 100755
+--- a/Configure
++++ b/Configure
+@@ -27,7 +27,7 @@ use OpenSSL::config;
+ my $orig_death_handler = $SIG{__DIE__};
+ $SIG{__DIE__} = \&death_handler;
+
+-my $usage="Usage: Configure [no-<feature> ...] [enable-<feature> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]thread-pool] [[no-]default-thread-pool] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
++my $usage="Usage: Configure [no-<feature> ...] [enable-<feature> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]thread-pool] [[no-]default-thread-pool] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--system-ciphers-file=SYSTEMCIPHERFILE] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+
+ my $banner = <<"EOF";
+
+@@ -61,6 +61,10 @@ EOF
+ # given with --prefix.
+ # This becomes the value of OPENSSLDIR in Makefile and in C.
+ # (Default: PREFIX/ssl)
++#
++# --system-ciphers-file A file to read cipher string from when the PROFILE=SYSTEM
++# cipher is specified (default).
++#
+ # --banner=".." Output specified text instead of default completion banner
+ #
+ # -w Don't wait after showing a Configure warning
+@@ -408,6 +412,7 @@ $config{prefix}="";
+ $config{openssldir}="";
+ $config{processor}="";
+ $config{libdir}="";
++$config{system_ciphers_file}="";
+ my $auto_threads=1; # enable threads automatically? true by default
+ my $default_ranlib;
+
+@@ -1104,6 +1109,10 @@ while (@argvcopy)
+ die "FIPS key too long (64 bytes max)\n"
+ if length $1 > 64;
+ }
++ elsif (/^--system-ciphers-file=(.*)$/)
++ {
++ $config{system_ciphers_file}=$1;
++ }
+ elsif (/^--banner=(.*)$/)
+ {
+ $banner = $1 . "\n";
+diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in
+index 5239beca1d..98e5af4d34 100644
+--- a/doc/man1/openssl-ciphers.pod.in
++++ b/doc/man1/openssl-ciphers.pod.in
+@@ -190,6 +190,15 @@ As of OpenSSL 1.0.0, the B<ALL> cipher suites are sensibly ordered by default.
+
+ The cipher suites not enabled by B<ALL>, currently B<eNULL>.
+
++=item B<PROFILE=SYSTEM>
++
++The list of enabled cipher suites will be loaded from the system crypto policy
++configuration file B</etc/crypto-policies/back-ends/openssl.config>.
++See also L<update-crypto-policies(8)>.
++This is the default behavior unless an application explicitly sets a cipher
++list. If used in a cipher list configuration value this string must be at the
++beginning of the cipher list, otherwise it will not be recognized.
++
+ =item B<HIGH>
+
+ "High" encryption cipher suites. This currently means those with key lengths
+diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
+index b342079968..0b2232b01c 100644
+--- a/include/openssl/ssl.h.in
++++ b/include/openssl/ssl.h.in
+@@ -209,6 +209,11 @@ extern "C" {
+ * throwing out anonymous and unencrypted ciphersuites! (The latter are not
+ * actually enabled by ALL, but "ALL:RSA" would enable some of them.)
+ */
++# ifdef SYSTEM_CIPHERS_FILE
++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST "PROFILE=SYSTEM"
++# else
++# define SSL_SYSTEM_DEFAULT_CIPHER_LIST OSSL_default_cipher_list()
++# endif
+
+ /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
+ # define SSL_SENT_SHUTDOWN 1
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 6127cb7a4b..19420d6c6a 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -9,6 +9,7 @@
+ * https://www.openssl.org/source/license.html
+ */
+
++#define _GNU_SOURCE
+ #include <stdio.h>
+ #include <ctype.h>
+ #include <openssl/objects.h>
+@@ -1421,6 +1422,49 @@ int SSL_set_ciphersuites(SSL *s, const char *str)
+ return ret;
+ }
+
++#ifdef SYSTEM_CIPHERS_FILE
++static char *load_system_str(const char *suffix)
++{
++ char buf[1024];
++ char *new_rules;
++ const char *ciphers_path;
++ unsigned len, slen;
++
++ if ((ciphers_path = secure_getenv("OPENSSL_SYSTEM_CIPHERS_OVERRIDE")) == NULL)
++ ciphers_path = SYSTEM_CIPHERS_FILE;
++ ERR_set_mark();
++ if (access(ciphers_path, R_OK) == 0) {
++ CONF *conf = NCONF_new_ex(NULL, NCONF_default());
++ char *value = NULL;
++
++ if (NCONF_load(conf, ciphers_path, NULL) > 0)
++ value = NCONF_get_string(conf, "global", "CipherString");
++
++ snprintf(buf, sizeof(buf), "%s", value ? value : SSL_DEFAULT_CIPHER_LIST);
++
++ NCONF_free(conf);
++ } else {
++ snprintf(buf, sizeof(buf), "%s", SSL_DEFAULT_CIPHER_LIST);
++ }
++ ERR_pop_to_mark();
++ slen = strlen(suffix);
++ len = strlen(buf);
++
++ new_rules = OPENSSL_zalloc(len + slen + 1);
++ if (new_rules == NULL)
++ return NULL;
++
++ memcpy(new_rules, buf, len);
++ if (slen > 0) {
++ memcpy(&new_rules[len], suffix, slen);
++ len += slen;
++ }
++ new_rules[len] = 0;
++
++ return new_rules;
++}
++#endif
++
+ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ STACK_OF(SSL_CIPHER) *tls13_ciphersuites,
+ STACK_OF(SSL_CIPHER) **cipher_list,
+@@ -1435,15 +1479,25 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
+ const SSL_CIPHER **ca_list = NULL;
+ const SSL_METHOD *ssl_method = ctx->method;
++#ifdef SYSTEM_CIPHERS_FILE
++ char *new_rules = NULL;
++
++ if (rule_str != NULL && strncmp(rule_str, "PROFILE=SYSTEM", 14) == 0) {
++ const char *p = rule_str + 14;
++
++ new_rules = load_system_str(p);
++ rule_str = new_rules;
++ }
++#endif
+
+ /*
+ * Return with error if nothing to do.
+ */
+ if (rule_str == NULL || cipher_list == NULL || cipher_list_by_id == NULL)
+- return NULL;
++ goto err;
+
+ if (!check_suiteb_cipher_list(ssl_method, c, &rule_str))
+- return NULL;
++ goto err;
+
+ /*
+ * To reduce the work to do we only want to process the compiled
+@@ -1465,7 +1519,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ if (num_of_ciphers > 0) {
+ co_list = OPENSSL_malloc(sizeof(*co_list) * num_of_ciphers);
+ if (co_list == NULL)
+- return NULL; /* Failure */
++ goto err;
+ }
+
+ ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
+@@ -1531,8 +1585,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ * in force within each class
+ */
+ if (!ssl_cipher_strength_sort(&head, &tail)) {
+- OPENSSL_free(co_list);
+- return NULL;
++ goto err;
+ }
+
+ /*
+@@ -1576,8 +1629,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
+ ca_list = OPENSSL_malloc(sizeof(*ca_list) * num_of_alias_max);
+ if (ca_list == NULL) {
+- OPENSSL_free(co_list);
+- return NULL; /* Failure */
++ goto err;
+ }
+ ssl_cipher_collect_aliases(ca_list, num_of_group_aliases,
+ disabled_mkey, disabled_auth, disabled_enc,
+@@ -1603,8 +1655,7 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ OPENSSL_free(ca_list); /* Not needed anymore */
+
+ if (!ok) { /* Rule processing failure */
+- OPENSSL_free(co_list);
+- return NULL;
++ goto err;
+ }
+
+ /*
+@@ -1612,10 +1663,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ * if we cannot get one.
+ */
+ if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
+- OPENSSL_free(co_list);
+- return NULL;
++ goto err;
+ }
+
++#ifdef SYSTEM_CIPHERS_FILE
++ OPENSSL_free(new_rules); /* Not needed anymore */
++#endif
++
+ /* Add TLSv1.3 ciphers first - we always prefer those if possible */
+ for (i = 0; i < sk_SSL_CIPHER_num(tls13_ciphersuites); i++) {
+ const SSL_CIPHER *sslc = sk_SSL_CIPHER_value(tls13_ciphersuites, i);
+@@ -1667,6 +1721,13 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(SSL_CTX *ctx,
+ *cipher_list = cipherstack;
+
+ return cipherstack;
++
++err:
++ OPENSSL_free(co_list);
++#ifdef SYSTEM_CIPHERS_FILE
++ OPENSSL_free(new_rules);
++#endif
++ return NULL;
+ }
+
+ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
+diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
+index fd0d6e2bb7..201a84d9fe 100644
+--- a/ssl/ssl_lib.c
++++ b/ssl/ssl_lib.c
+@@ -679,7 +679,7 @@ int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
+ ctx->tls13_ciphersuites,
+ &(ctx->cipher_list),
+ &(ctx->cipher_list_by_id),
+- OSSL_default_cipher_list(), ctx->cert);
++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ctx->cert);
+ if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
+ return 0;
+@@ -4098,7 +4098,7 @@ SSL_CTX *SSL_CTX_new_ex(OSSL_LIB_CTX *libctx, const char *propq,
+ if (!ssl_create_cipher_list(ret,
+ ret->tls13_ciphersuites,
+ &ret->cipher_list, &ret->cipher_list_by_id,
+- OSSL_default_cipher_list(), ret->cert)
++ SSL_SYSTEM_DEFAULT_CIPHER_LIST, ret->cert)
+ || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
+ ERR_raise(ERR_LIB_SSL, SSL_R_LIBRARY_HAS_NO_CIPHERS);
+ goto err;
+diff --git a/test/cipherlist_test.c b/test/cipherlist_test.c
+index c46e431b00..19d05e860b 100644
+--- a/test/cipherlist_test.c
++++ b/test/cipherlist_test.c
+@@ -261,7 +261,9 @@ end:
+
+ int setup_tests(void)
+ {
++#ifndef SYSTEM_CIPHERS_FILE
+ ADD_TEST(test_default_cipherlist_implicit);
++#endif
+ ADD_TEST(test_default_cipherlist_explicit);
+ ADD_TEST(test_default_cipherlist_clear);
+ ADD_TEST(test_stdname_cipherlist);
+--
+2.48.1
+
diff --git a/0009-Add-Kernel-FIPS-mode-flag-support.patch b/0009-Add-Kernel-FIPS-mode-flag-support.patch
deleted file mode 100644
index 0848473..0000000
--- a/0009-Add-Kernel-FIPS-mode-flag-support.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From aa3aebf132959e7e44876042efaf9ff24ffe0f2b Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:27 +0200
-Subject: [PATCH 09/35] 0009-Add-Kernel-FIPS-mode-flag-support.patch
-
-Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch
-Patch-id: 9
-Patch-status: |
- # Add check to see if fips flag is enabled in kernel
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
----
- crypto/context.c | 36 ++++++++++++++++++++++++++++++++++++
- include/internal/provider.h | 3 +++
- 2 files changed, 39 insertions(+)
-
-diff --git a/crypto/context.c b/crypto/context.c
-index e294ea1512..51002ba79a 100644
---- a/crypto/context.c
-+++ b/crypto/context.c
-@@ -16,6 +16,41 @@
- #include "crypto/decoder.h"
- #include "crypto/context.h"
-
-+# include <sys/types.h>
-+# include <sys/stat.h>
-+# include <fcntl.h>
-+# include <unistd.h>
-+# include <openssl/evp.h>
-+
-+# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
-+
-+static int kernel_fips_flag;
-+
-+static void read_kernel_fips_flag(void)
-+{
-+ char buf[2] = "0";
-+ int fd;
-+
-+ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
-+ buf[0] = '1';
-+ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
-+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
-+ close(fd);
-+ }
-+
-+ if (buf[0] == '1') {
-+ kernel_fips_flag = 1;
-+ }
-+
-+ return;
-+}
-+
-+int ossl_get_kernel_fips_flag()
-+{
-+ return kernel_fips_flag;
-+}
-+
-+
- struct ossl_lib_ctx_st {
- CRYPTO_RWLOCK *lock, *rand_crngt_lock;
- OSSL_EX_DATA_GLOBAL global;
-@@ -336,6 +371,7 @@ static int default_context_inited = 0;
-
- DEFINE_RUN_ONCE_STATIC(default_context_do_init)
- {
-+ read_kernel_fips_flag();
- if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL))
- goto err;
-
-diff --git a/include/internal/provider.h b/include/internal/provider.h
-index 18937f84c7..1446bf7afb 100644
---- a/include/internal/provider.h
-+++ b/include/internal/provider.h
-@@ -112,6 +112,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
- const OSSL_DISPATCH *in);
- void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
-
-+/* FIPS flag access */
-+int ossl_get_kernel_fips_flag(void);
-+
- # ifdef __cplusplus
- }
- # endif
---
-2.41.0
-
diff --git a/0009-RH-Add-FIPS_mode-compatibility-macro.patch b/0009-RH-Add-FIPS_mode-compatibility-macro.patch
new file mode 100644
index 0000000..87d9175
--- /dev/null
+++ b/0009-RH-Add-FIPS_mode-compatibility-macro.patch
@@ -0,0 +1,83 @@
+From 687db529f3c836809355b670ec7d31819e4f91a1 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 09/49] RH: Add FIPS_mode compatibility macro
+
+Patch-name: 0008-Add-FIPS_mode-compatibility-macro.patch
+Patch-id: 8
+Patch-status: |
+ # # Add FIPS_mode() compatibility macro
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ include/openssl/fips.h | 26 ++++++++++++++++++++++++++
+ test/property_test.c | 14 ++++++++++++++
+ 2 files changed, 40 insertions(+)
+ create mode 100644 include/openssl/fips.h
+
+diff --git a/include/openssl/fips.h b/include/openssl/fips.h
+new file mode 100644
+index 0000000000..4162cbf88e
+--- /dev/null
++++ b/include/openssl/fips.h
+@@ -0,0 +1,26 @@
++/*
++ * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the Apache License 2.0 (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#ifndef OPENSSL_FIPS_H
++# define OPENSSL_FIPS_H
++# pragma once
++
++# include <openssl/evp.h>
++# include <openssl/macros.h>
++
++# ifdef __cplusplus
++extern "C" {
++# endif
++
++# define FIPS_mode() EVP_default_properties_is_fips_enabled(NULL)
++
++# ifdef __cplusplus
++}
++# endif
++#endif
+diff --git a/test/property_test.c b/test/property_test.c
+index 18f8cc8740..6864b1a3c1 100644
+--- a/test/property_test.c
++++ b/test/property_test.c
+@@ -687,6 +687,19 @@ static int test_property_list_to_string(int i)
+ return ret;
+ }
+
++#include <openssl/fips.h>
++static int test_downstream_FIPS_mode(void)
++{
++ int ret = 0;
++
++ ret = TEST_true(EVP_set_default_properties(NULL, "fips=yes"))
++ && TEST_true(FIPS_mode())
++ && TEST_true(EVP_set_default_properties(NULL, "fips=no"))
++ && TEST_false(FIPS_mode());
++
++ return ret;
++}
++
+ int setup_tests(void)
+ {
+ ADD_TEST(test_property_string);
+@@ -700,6 +713,7 @@ int setup_tests(void)
+ ADD_TEST(test_property);
+ ADD_TEST(test_query_cache_stochastic);
+ ADD_TEST(test_fips_mode);
++ ADD_TEST(test_downstream_FIPS_mode);
+ ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
+ return 1;
+ }
+--
+2.48.1
+
diff --git a/0010-Add-changes-to-ectest-and-eccurve.patch b/0010-Add-changes-to-ectest-and-eccurve.patch
deleted file mode 100644
index 63a2ca2..0000000
--- a/0010-Add-changes-to-ectest-and-eccurve.patch
+++ /dev/null
@@ -1,1148 +0,0 @@
-From 37fae351c6fef272baf383469181aecfcac87592 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:27 +0200
-Subject: [PATCH 10/35] 0010-Add-changes-to-ectest-and-eccurve.patch
-
-Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch
-Patch-id: 10
-Patch-status: |
- # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
- # that new modifications made to these files by upstream are not lost.
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
----
- crypto/ec/ec_curve.c | 844 -------------------------------------------
- test/ectest.c | 174 +--------
- 2 files changed, 8 insertions(+), 1010 deletions(-)
-
-diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
-index b5b2f3342d..d32a768fe6 100644
---- a/crypto/ec/ec_curve.c
-+++ b/crypto/ec/ec_curve.c
-@@ -30,38 +30,6 @@ typedef struct {
- } EC_CURVE_DATA;
-
- /* the nist prime curves */
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 24 * 6];
--} _EC_NIST_PRIME_192 = {
-- {
-- NID_X9_62_prime_field, 20, 24, 1
-- },
-- {
-- /* seed */
-- 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28,
-- 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5,
-- /* p */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- /* a */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
-- /* b */
-- 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB,
-- 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1,
-- /* x */
-- 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB,
-- 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12,
-- /* y */
-- 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed,
-- 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11,
-- /* order */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31
-- }
--};
--
- static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 28 * 6];
-@@ -200,187 +168,6 @@ static const struct {
- }
- };
-
--# ifndef FIPS_MODULE
--/* the x9.62 prime curves (minus the nist prime curves) */
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 24 * 6];
--} _EC_X9_62_PRIME_192V2 = {
-- {
-- NID_X9_62_prime_field, 20, 24, 1
-- },
-- {
-- /* seed */
-- 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E,
-- 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6,
-- /* p */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- /* a */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
-- /* b */
-- 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, 0x0D, 0x63,
-- 0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53,
-- /* x */
-- 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, 0x77, 0x69,
-- 0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A,
-- /* y */
-- 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, 0xb8, 0x2a,
-- 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15,
-- /* order */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
-- 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 24 * 6];
--} _EC_X9_62_PRIME_192V3 = {
-- {
-- NID_X9_62_prime_field, 20, 24, 1
-- },
-- {
-- /* seed */
-- 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9,
-- 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E,
-- /* p */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- /* a */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
-- /* b */
-- 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, 0x3D, 0xAE,
-- 0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16,
-- /* x */
-- 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, 0x37, 0x16,
-- 0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96,
-- /* y */
-- 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, 0xdc, 0xb6,
-- 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0,
-- /* order */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 30 * 6];
--} _EC_X9_62_PRIME_239V1 = {
-- {
-- NID_X9_62_prime_field, 20, 30, 1
-- },
-- {
-- /* seed */
-- 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79,
-- 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D,
-- /* p */
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- /* a */
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
-- /* b */
-- 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, 0x54, 0x92,
-- 0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79,
-- 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A,
-- /* x */
-- 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, 0xB8, 0x64,
-- 0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB,
-- 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF,
-- /* y */
-- 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, 0x54, 0xca,
-- 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 0xce, 0x22, 0x6b, 0x39,
-- 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae,
-- /* order */
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1,
-- 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 30 * 6];
--} _EC_X9_62_PRIME_239V2 = {
-- {
-- NID_X9_62_prime_field, 20, 30, 1
-- },
-- {
-- /* seed */
-- 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99,
-- 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16,
-- /* p */
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- /* a */
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
-- /* b */
-- 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, 0x0D, 0x99,
-- 0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A,
-- 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C,
-- /* x */
-- 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, 0x21, 0xBB,
-- 0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0,
-- 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7,
-- /* y */
-- 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, 0xa0, 0xfc,
-- 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 0xde, 0x6e, 0xf4, 0x60,
-- 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba,
-- /* order */
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0,
-- 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 30 * 6];
--} _EC_X9_62_PRIME_239V3 = {
-- {
-- NID_X9_62_prime_field, 20, 30, 1
-- },
-- {
-- /* seed */
-- 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76,
-- 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF,
-- /* p */
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- /* a */
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
-- /* b */
-- 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, 0xCB, 0x03,
-- 0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17,
-- 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E,
-- /* x */
-- 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, 0x5C, 0x94,
-- 0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54,
-- 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A,
-- /* y */
-- 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, 0x55, 0x2b,
-- 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 0x6e, 0x81, 0x84, 0x99,
-- 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3,
-- /* order */
-- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C,
-- 0x43, 0x21, 0x46, 0x52, 0x65, 0x51
-- }
--};
--#endif /* FIPS_MODULE */
--
- static const struct {
- EC_CURVE_DATA h;
- unsigned char data[20 + 32 * 6];
-@@ -421,294 +208,6 @@ static const struct {
-
- #ifndef FIPS_MODULE
- /* the secg prime curves (minus the nist and x9.62 prime curves) */
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 14 * 6];
--} _EC_SECG_PRIME_112R1 = {
-- {
-- NID_X9_62_prime_field, 20, 14, 1
-- },
-- {
-- /* seed */
-- 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
-- 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1,
-- /* p */
-- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
-- 0x20, 0x8B,
-- /* a */
-- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
-- 0x20, 0x88,
-- /* b */
-- 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, 0x11, 0x70,
-- 0x2B, 0x22,
-- /* x */
-- 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, 0xF9, 0xC2,
-- 0xF0, 0x98,
-- /* y */
-- 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, 0x0f, 0xf7,
-- 0x75, 0x00,
-- /* order */
-- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65,
-- 0x61, 0xC5
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 14 * 6];
--} _EC_SECG_PRIME_112R2 = {
-- {
-- NID_X9_62_prime_field, 20, 14, 4
-- },
-- {
-- /* seed */
-- 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
-- 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4,
-- /* p */
-- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
-- 0x20, 0x8B,
-- /* a */
-- 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, 0x5C, 0x0E,
-- 0xF0, 0x2C,
-- /* b */
-- 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, 0x4C, 0x85,
-- 0xD7, 0x09,
-- /* x */
-- 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, 0xD0, 0x92,
-- 0x86, 0x43,
-- /* y */
-- 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, 0x6e, 0x95,
-- 0x6e, 0x97,
-- /* order */
-- 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20,
-- 0xD0, 0x4B
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 16 * 6];
--} _EC_SECG_PRIME_128R1 = {
-- {
-- NID_X9_62_prime_field, 20, 16, 1
-- },
-- {
-- /* seed */
-- 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
-- 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79,
-- /* p */
-- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF,
-- /* a */
-- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFC,
-- /* b */
-- 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, 0x99, 0x3C,
-- 0x2C, 0xEE, 0x5E, 0xD3,
-- /* x */
-- 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, 0x60, 0x7C,
-- 0xA5, 0x2C, 0x5B, 0x86,
-- /* y */
-- 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, 0xa2, 0x92,
-- 0xdd, 0xed, 0x7a, 0x83,
-- /* order */
-- 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B,
-- 0x90, 0x38, 0xA1, 0x15
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 16 * 6];
--} _EC_SECG_PRIME_128R2 = {
-- {
-- NID_X9_62_prime_field, 20, 16, 4
-- },
-- {
-- /* seed */
-- 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8,
-- 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4,
-- /* p */
-- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF,
-- /* a */
-- 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, 0xCC, 0x9B,
-- 0xBF, 0xF9, 0xAE, 0xE1,
-- /* b */
-- 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, 0x65, 0x58,
-- 0xBB, 0x6D, 0x8A, 0x5D,
-- /* x */
-- 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, 0x32, 0xA7,
-- 0xCD, 0xEB, 0xC1, 0x40,
-- /* y */
-- 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, 0xfe, 0x80,
-- 0x5f, 0xc3, 0x4b, 0x44,
-- /* order */
-- 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72,
-- 0x06, 0x13, 0xB5, 0xA3
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 21 * 6];
--} _EC_SECG_PRIME_160K1 = {
-- {
-- NID_X9_62_prime_field, 0, 21, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
-- /* a */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- /* b */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
-- /* x */
-- 0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, 0x01, 0x9E,
-- 0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, 0xBB,
-- /* y */
-- 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, 0xc2, 0x82,
-- 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee,
-- /* order */
-- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8,
-- 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 21 * 6];
--} _EC_SECG_PRIME_160R1 = {
-- {
-- NID_X9_62_prime_field, 20, 21, 1
-- },
-- {
-- /* seed */
-- 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
-- 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45,
-- /* p */
-- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF,
-- /* a */
-- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFC,
-- /* b */
-- 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, 0xAC, 0xF8,
-- 0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, 0x45,
-- /* x */
-- 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, 0x64, 0x69,
-- 0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, 0x82,
-- /* y */
-- 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, 0xdc, 0xc9,
-- 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32,
-- /* order */
-- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4,
-- 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[20 + 21 * 6];
--} _EC_SECG_PRIME_160R2 = {
-- {
-- NID_X9_62_prime_field, 20, 21, 1
-- },
-- {
-- /* seed */
-- 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6,
-- 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
-- /* p */
-- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
-- /* a */
-- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x70,
-- /* b */
-- 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, 0x57, 0x27,
-- 0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88, 0xBA,
-- /* x */
-- 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, 0x4F, 0xF1,
-- 0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, 0x6D,
-- /* y */
-- 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, 0x71, 0xfa,
-- 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e,
-- /* order */
-- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35,
-- 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 24 * 6];
--} _EC_SECG_PRIME_192K1 = {
-- {
-- NID_X9_62_prime_field, 0, 24, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37,
-- /* a */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- /* b */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
-- /* x */
-- 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, 0x7D, 0x02,
-- 0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D,
-- /* y */
-- 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, 0x63, 0xd0,
-- 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d,
-- /* order */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
-- 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 29 * 6];
--} _EC_SECG_PRIME_224K1 = {
-- {
-- NID_X9_62_prime_field, 0, 29, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFE, 0xFF, 0xFF, 0xE5, 0x6D,
-- /* a */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00,
-- /* b */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x05,
-- /* x */
-- 0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, 0xFC, 0x28,
-- 0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65,
-- 0x0E, 0xB6, 0xB7, 0xA4, 0x5C,
-- /* y */
-- 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, 0xca, 0xfb,
-- 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 0x59, 0xe2, 0xca, 0x4b,
-- 0xdb, 0x55, 0x6d, 0x61, 0xa5,
-- /* order */
-- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9,
-- 0x71, 0x76, 0x9F, 0xB1, 0xF7
-- }
--};
--
- static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 32 * 6];
-@@ -745,102 +244,6 @@ static const struct {
- }
- };
-
--/* some wap/wtls curves */
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 15 * 6];
--} _EC_WTLS_8 = {
-- {
-- NID_X9_62_prime_field, 0, 15, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFD, 0xE7,
-- /* a */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00,
-- /* b */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x03,
-- /* x */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x01,
-- /* y */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x02,
-- /* order */
-- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A,
-- 0xD8, 0x37, 0xE9
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 21 * 6];
--} _EC_WTLS_9 = {
-- {
-- NID_X9_62_prime_field, 0, 21, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F,
-- /* a */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- /* b */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
-- /* x */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
-- /* y */
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
-- /* order */
-- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD,
-- 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 28 * 6];
--} _EC_WTLS_12 = {
-- {
-- NID_X9_62_prime_field, 0, 28, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-- 0x00, 0x00, 0x00, 0x01,
-- /* a */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0xFF, 0xFE,
-- /* b */
-- 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
-- 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
-- 0x23, 0x55, 0xFF, 0xB4,
-- /* x */
-- 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
-- 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
-- 0x11, 0x5C, 0x1D, 0x21,
-- /* y */
-- 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
-- 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
-- 0x85, 0x00, 0x7e, 0x34,
-- /* order */
-- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
-- 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
-- 0x5C, 0x5C, 0x2A, 0x3D
-- }
--};
- #endif /* FIPS_MODULE */
-
- #ifndef OPENSSL_NO_EC2M
-@@ -2236,198 +1639,6 @@ static const struct {
- */
-
- #ifndef FIPS_MODULE
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 20 * 6];
--} _EC_brainpoolP160r1 = {
-- {
-- NID_X9_62_prime_field, 0, 20, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
-- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
-- /* a */
-- 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, 0x61, 0xBA,
-- 0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00,
-- /* b */
-- 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, 0xAA, 0x2D,
-- 0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58,
-- /* x */
-- 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, 0x8C, 0x46,
-- 0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3,
-- /* y */
-- 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, 0x47, 0x41,
-- 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21,
-- /* order */
-- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
-- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 20 * 6];
--} _EC_brainpoolP160t1 = {
-- {
-- NID_X9_62_prime_field, 0, 20, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
-- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
-- /* a */
-- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
-- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C,
-- /* b */
-- 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, 0x2C, 0x4D,
-- 0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80,
-- /* x */
-- 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, 0x64, 0xBA,
-- 0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78,
-- /* y */
-- 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, 0x1B, 0x84,
-- 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD,
-- /* order */
-- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
-- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 24 * 6];
--} _EC_brainpoolP192r1 = {
-- {
-- NID_X9_62_prime_field, 0, 24, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
-- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
-- /* a */
-- 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, 0xC0, 0x31,
-- 0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF,
-- /* b */
-- 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, 0x1D, 0x04,
-- 0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9,
-- /* x */
-- 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, 0x33, 0xC5,
-- 0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6,
-- /* y */
-- 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, 0x48, 0x28,
-- 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F,
-- /* order */
-- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
-- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 24 * 6];
--} _EC_brainpoolP192t1 = {
-- {
-- NID_X9_62_prime_field, 0, 24, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
-- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
-- /* a */
-- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
-- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94,
-- /* b */
-- 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, 0xDE, 0xB4,
-- 0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79,
-- /* x */
-- 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, 0x1F, 0xE7,
-- 0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29,
-- /* y */
-- 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, 0xB5, 0xCA,
-- 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9,
-- /* order */
-- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
-- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 28 * 6];
--} _EC_brainpoolP224r1 = {
-- {
-- NID_X9_62_prime_field, 0, 28, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
-- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
-- 0x7E, 0xC8, 0xC0, 0xFF,
-- /* a */
-- 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, 0x03, 0xA6,
-- 0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59,
-- 0xCA, 0xD2, 0x9F, 0x43,
-- /* b */
-- 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, 0x13, 0xB1,
-- 0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72,
-- 0x38, 0x6C, 0x40, 0x0B,
-- /* x */
-- 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, 0x23, 0xB2,
-- 0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD,
-- 0xEE, 0x12, 0xC0, 0x7D,
-- /* y */
-- 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, 0xB8, 0x9E,
-- 0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3,
-- 0x76, 0x14, 0x02, 0xCD,
-- /* order */
-- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
-- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
-- 0xA5, 0xA7, 0x93, 0x9F
-- }
--};
--
--static const struct {
-- EC_CURVE_DATA h;
-- unsigned char data[0 + 28 * 6];
--} _EC_brainpoolP224t1 = {
-- {
-- NID_X9_62_prime_field, 0, 28, 1
-- },
-- {
-- /* no seed */
-- /* p */
-- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
-- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
-- 0x7E, 0xC8, 0xC0, 0xFF,
-- /* a */
-- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
-- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
-- 0x7E, 0xC8, 0xC0, 0xFC,
-- /* b */
-- 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, 0x1B, 0xF6,
-- 0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1,
-- 0x8A, 0x60, 0x88, 0x8D,
-- /* x */
-- 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, 0x4E, 0x7F,
-- 0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60,
-- 0x29, 0xB4, 0xD5, 0x80,
-- /* y */
-- 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, 0x3F, 0x4D,
-- 0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F,
-- 0x1A, 0x46, 0xDB, 0x4C,
-- /* order */
-- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
-- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
-- 0xA5, 0xA7, 0x93, 0x9F
-- }
--};
--
- static const struct {
- EC_CURVE_DATA h;
- unsigned char data[0 + 32 * 6];
-@@ -2854,8 +2065,6 @@ static const ec_list_element curve_list[] = {
- "NIST/SECG curve over a 521 bit prime field"},
-
- /* X9.62 curves */
-- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
-- "NIST/X9.62/SECG curve over a 192 bit prime field"},
- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
- # if defined(ECP_NISTZ256_ASM)
- EC_GFp_nistz256_method,
-@@ -2899,25 +2108,6 @@ static const ec_list_element curve_list[] = {
- static const ec_list_element curve_list[] = {
- /* prime field curves */
- /* secg curves */
-- {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0,
-- "SECG/WTLS curve over a 112 bit prime field"},
-- {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0,
-- "SECG curve over a 112 bit prime field"},
-- {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0,
-- "SECG curve over a 128 bit prime field"},
-- {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0,
-- "SECG curve over a 128 bit prime field"},
-- {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0,
-- "SECG curve over a 160 bit prime field"},
-- {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0,
-- "SECG curve over a 160 bit prime field"},
-- {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0,
-- "SECG/WTLS curve over a 160 bit prime field"},
-- /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
-- {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0,
-- "SECG curve over a 192 bit prime field"},
-- {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0,
-- "SECG curve over a 224 bit prime field"},
- # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
- {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
- "NIST/SECG curve over a 224 bit prime field"},
-@@ -2945,18 +2135,6 @@ static const ec_list_element curve_list[] = {
- # endif
- "NIST/SECG curve over a 521 bit prime field"},
- /* X9.62 curves */
-- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
-- "NIST/X9.62/SECG curve over a 192 bit prime field"},
-- {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
-- "X9.62 curve over a 192 bit prime field"},
-- {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0,
-- "X9.62 curve over a 192 bit prime field"},
-- {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0,
-- "X9.62 curve over a 239 bit prime field"},
-- {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0,
-- "X9.62 curve over a 239 bit prime field"},
-- {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0,
-- "X9.62 curve over a 239 bit prime field"},
- {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
- # if defined(ECP_NISTZ256_ASM)
- EC_GFp_nistz256_method,
-@@ -3053,22 +2231,12 @@ static const ec_list_element curve_list[] = {
- {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0,
- "X9.62 curve over a 163 bit binary field"},
- # endif
-- {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0,
-- "SECG/WTLS curve over a 112 bit prime field"},
-- {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0,
-- "SECG/WTLS curve over a 160 bit prime field"},
-- {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0,
-- "WTLS curve over a 112 bit prime field"},
-- {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0,
-- "WTLS curve over a 160 bit prime field"},
- # ifndef OPENSSL_NO_EC2M
- {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0,
- "NIST/SECG/WTLS curve over a 233 bit binary field"},
- {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0,
- "NIST/SECG/WTLS curve over a 233 bit binary field"},
- # endif
-- {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
-- "WTLS curve over a 224 bit prime field"},
- # ifndef OPENSSL_NO_EC2M
- /* IPSec curves */
- {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
-@@ -3079,18 +2247,6 @@ static const ec_list_element curve_list[] = {
- "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
- # endif
- /* brainpool curves */
-- {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0,
-- "RFC 5639 curve over a 160 bit prime field"},
-- {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0,
-- "RFC 5639 curve over a 160 bit prime field"},
-- {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0,
-- "RFC 5639 curve over a 192 bit prime field"},
-- {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0,
-- "RFC 5639 curve over a 192 bit prime field"},
-- {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0,
-- "RFC 5639 curve over a 224 bit prime field"},
-- {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0,
-- "RFC 5639 curve over a 224 bit prime field"},
- {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
- "RFC 5639 curve over a 256 bit prime field"},
- {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
-diff --git a/test/ectest.c b/test/ectest.c
-index afef85b0e6..4890b0555e 100644
---- a/test/ectest.c
-+++ b/test/ectest.c
-@@ -175,184 +175,26 @@ static int prime_field_tests(void)
- || !TEST_ptr(p = BN_new())
- || !TEST_ptr(a = BN_new())
- || !TEST_ptr(b = BN_new())
-- || !TEST_true(BN_hex2bn(&p, "17"))
-- || !TEST_true(BN_hex2bn(&a, "1"))
-- || !TEST_true(BN_hex2bn(&b, "1"))
-- || !TEST_ptr(group = EC_GROUP_new_curve_GFp(p, a, b, ctx))
-- || !TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)))
-+ /*
-+ * applications should use EC_GROUP_new_curve_GFp so
-+ * that the library gets to choose the EC_METHOD
-+ */
-+ || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method())))
- goto err;
-
-- TEST_info("Curve defined by Weierstrass equation");
-- TEST_note(" y^2 = x^3 + a*x + b (mod p)");
-- test_output_bignum("a", a);
-- test_output_bignum("b", b);
-- test_output_bignum("p", p);
--
- buf[0] = 0;
- if (!TEST_ptr(P = EC_POINT_new(group))
- || !TEST_ptr(Q = EC_POINT_new(group))
- || !TEST_ptr(R = EC_POINT_new(group))
-- || !TEST_true(EC_POINT_set_to_infinity(group, P))
-- || !TEST_true(EC_POINT_is_at_infinity(group, P))
-- || !TEST_true(EC_POINT_oct2point(group, Q, buf, 1, ctx))
-- || !TEST_true(EC_POINT_add(group, P, P, Q, ctx))
-- || !TEST_true(EC_POINT_is_at_infinity(group, P))
- || !TEST_ptr(x = BN_new())
- || !TEST_ptr(y = BN_new())
- || !TEST_ptr(z = BN_new())
-- || !TEST_ptr(yplusone = BN_new())
-- || !TEST_true(BN_hex2bn(&x, "D"))
-- || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx)))
-- goto err;
--
-- if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) {
-- if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx)))
-- goto err;
-- TEST_info("Point is not on curve");
-- test_output_bignum("x", x);
-- test_output_bignum("y", y);
-- goto err;
-- }
--
-- TEST_note("A cyclic subgroup:");
-- k = 100;
-- do {
-- if (!TEST_int_ne(k--, 0))
-- goto err;
--
-- if (EC_POINT_is_at_infinity(group, P)) {
-- TEST_note(" point at infinity");
-- } else {
-- if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y,
-- ctx)))
-- goto err;
--
-- test_output_bignum("x", x);
-- test_output_bignum("y", y);
-- }
--
-- if (!TEST_true(EC_POINT_copy(R, P))
-- || !TEST_true(EC_POINT_add(group, P, P, Q, ctx)))
-- goto err;
--
-- } while (!EC_POINT_is_at_infinity(group, P));
--
-- if (!TEST_true(EC_POINT_add(group, P, Q, R, ctx))
-- || !TEST_true(EC_POINT_is_at_infinity(group, P)))
-- goto err;
--
-- len =
-- EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
-- sizeof(buf), ctx);
-- if (!TEST_size_t_ne(len, 0)
-- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
-- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
-- goto err;
-- test_output_memory("Generator as octet string, compressed form:",
-- buf, len);
--
-- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED,
-- buf, sizeof(buf), ctx);
-- if (!TEST_size_t_ne(len, 0)
-- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
-- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
-- goto err;
-- test_output_memory("Generator as octet string, uncompressed form:",
-- buf, len);
--
-- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID,
-- buf, sizeof(buf), ctx);
-- if (!TEST_size_t_ne(len, 0)
-- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
-- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
-- goto err;
-- test_output_memory("Generator as octet string, hybrid form:",
-- buf, len);
--
-- if (!TEST_true(EC_POINT_invert(group, P, ctx))
-- || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
--
-- /*
-- * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2,
-- * 2000) -- not a NIST curve, but commonly used
-- */
--
-- || !TEST_true(BN_hex2bn(&p, "FFFFFFFF"
-- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
-- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
-- || !TEST_true(BN_hex2bn(&a, "FFFFFFFF"
-- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
-- || !TEST_true(BN_hex2bn(&b, "1C97BEFC"
-- "54BD7A8B65ACF89F81D4D4ADC565FA45"))
-- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
-- || !TEST_true(BN_hex2bn(&x, "4A96B568"
-- "8EF573284664698968C38BB913CBFC82"))
-- || !TEST_true(BN_hex2bn(&y, "23a62855"
-- "3168947d59dcc912042351377ac5fb32"))
-- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
-- /*
-- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-- * and therefore setting the coordinates should fail.
-- */
-- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
-- ctx))
-- || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
-- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
-- || !TEST_true(BN_hex2bn(&z, "0100000000"
-- "000000000001F4C8F927AED3CA752257"))
-- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
-- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
-- goto err;
-- TEST_info("SEC2 curve secp160r1 -- Generator");
-- test_output_bignum("x", x);
-- test_output_bignum("y", y);
-- /* G_y value taken from the standard: */
-- if (!TEST_true(BN_hex2bn(&z, "23a62855"
-- "3168947d59dcc912042351377ac5fb32"))
-- || !TEST_BN_eq(y, z)
-- || !TEST_int_eq(EC_GROUP_get_degree(group), 160)
-- || !group_order_tests(group)
--
-- /* Curve P-192 (FIPS PUB 186-2, App. 6) */
--
-- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF"
-- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
-- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
-- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF"
-- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
-- || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7"
-- "0FA7E9AB72243049FEB8DEECC146B9B1"))
-- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
-- || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6"
-- "7CBF20EB43A18800F4FF0AFD82FF1012"))
-- || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
-- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
-- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF"
-- "FFFFFFFF99DEF836146BC9B1B4D22831"))
-- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
-- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
-+ || !TEST_ptr(yplusone = BN_new()))
- goto err;
-
-- TEST_info("NIST curve P-192 -- Generator");
-- test_output_bignum("x", x);
-- test_output_bignum("y", y);
-- /* G_y value taken from the standard: */
-- if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78"
-- "631011ED6B24CDD573F977A11E794811"))
-- || !TEST_BN_eq(y, z)
-- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
-- /*
-- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
-- * and therefore setting the coordinates should fail.
-- */
-- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
-- ctx))
-- || !TEST_int_eq(EC_GROUP_get_degree(group), 192)
-- || !group_order_tests(group)
--
- /* Curve P-224 (FIPS PUB 186-2, App. 6) */
-
-- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
-+ if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
- "FFFFFFFF000000000000000000000001"))
- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF"
-@@ -3015,7 +2857,7 @@ int setup_tests(void)
-
- ADD_TEST(parameter_test);
- ADD_TEST(ossl_parameter_test);
-- ADD_TEST(cofactor_range_test);
-+ /* ADD_TEST(cofactor_range_test); */
- ADD_ALL_TESTS(cardinality_test, crv_len);
- ADD_TEST(prime_field_tests);
- #ifndef OPENSSL_NO_EC2M
---
-2.41.0
-
diff --git a/0010-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch b/0010-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
new file mode 100644
index 0000000..326acb5
--- /dev/null
+++ b/0010-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
@@ -0,0 +1,92 @@
+From f6f8d36c584f3555523fa8f60220a2afea8b34e5 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 10/49] RH: Add Kernel FIPS mode flag support - FIXSTYLE
+
+Patch-name: 0009-Add-Kernel-FIPS-mode-flag-support.patch
+Patch-id: 9
+Patch-status: |
+ # # Add check to see if fips flag is enabled in kernel
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ crypto/context.c | 35 +++++++++++++++++++++++++++++++++++
+ include/internal/provider.h | 3 +++
+ 2 files changed, 38 insertions(+)
+
+diff --git a/crypto/context.c b/crypto/context.c
+index f15bc3d755..614c8a2c88 100644
+--- a/crypto/context.c
++++ b/crypto/context.c
+@@ -7,6 +7,7 @@
+ * https://www.openssl.org/source/license.html
+ */
+
++#define _GNU_SOURCE /* needed for secure_getenv */
+ #include "crypto/cryptlib.h"
+ #include <openssl/conf.h>
+ #include <openssl/trace.h>
+@@ -19,6 +20,38 @@
+ #include "crypto/decoder.h"
+ #include "crypto/context.h"
+
++# include <sys/types.h>
++# include <sys/stat.h>
++# include <fcntl.h>
++# include <unistd.h>
++# include <openssl/evp.h>
++
++# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
++
++static int kernel_fips_flag;
++
++static void read_kernel_fips_flag(void)
++{
++ char buf[2] = "0";
++ int fd;
++
++ if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
++ buf[0] = '1';
++ } else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0) {
++ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR) ;
++ close(fd);
++ }
++
++ if (buf[0] == '1') {
++ kernel_fips_flag = 1;
++ }
++}
++
++int ossl_get_kernel_fips_flag()
++{
++ return kernel_fips_flag;
++}
++
+ struct ossl_lib_ctx_st {
+ CRYPTO_RWLOCK *lock;
+ OSSL_EX_DATA_GLOBAL global;
+@@ -393,6 +426,8 @@ static int default_context_inited = 0;
+
+ DEFINE_RUN_ONCE_STATIC(default_context_do_init)
+ {
++ read_kernel_fips_flag();
++
+ if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL))
+ goto err;
+
+diff --git a/include/internal/provider.h b/include/internal/provider.h
+index 6909a1919c..9d2e355251 100644
+--- a/include/internal/provider.h
++++ b/include/internal/provider.h
+@@ -111,6 +111,9 @@ int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
+ const OSSL_DISPATCH *in);
+ void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx);
+
++/* FIPS flag access */
++int ossl_get_kernel_fips_flag(void);
++
+ # ifdef __cplusplus
+ }
+ # endif
+--
+2.48.1
+
diff --git a/0011-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch b/0011-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
new file mode 100644
index 0000000..c8e455c
--- /dev/null
+++ b/0011-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
@@ -0,0 +1,1419 @@
+From 3dee434f4c05263ef3a392a3b57505c2a8879d99 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 11/49] RH: Drop weak curve definitions - RENAMED/SQUASHED
+
+Patch-name: 0010-Add-changes-to-ectest-and-eccurve.patch
+Patch-id: 10
+Patch-status: |
+ # # Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
+ # # that new modifications made to these files by upstream are not lost.
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+
+commit #2:
+Patch-name: 0011-Remove-EC-curves.patch
+Patch-id: 11
+Patch-status: |
+ # # remove unsupported EC curves
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ apps/speed.c | 8 +-
+ crypto/ec/ec_curve.c | 844 -----------------------------------
+ crypto/evp/ec_support.c | 87 ----
+ test/acvp_test.inc | 9 -
+ test/ecdsatest.h | 17 -
+ test/ectest.c | 174 +-------
+ test/recipes/15-test_genec.t | 27 --
+ 7 files changed, 9 insertions(+), 1157 deletions(-)
+
+diff --git a/apps/speed.c b/apps/speed.c
+index f52f2c839d..1edf9b8485 100644
+--- a/apps/speed.c
++++ b/apps/speed.c
+@@ -405,7 +405,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
+ #endif /* OPENSSL_NO_DH */
+
+ enum ec_curves_t {
+- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
++ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
+ #ifndef OPENSSL_NO_EC2M
+ R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
+ R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
+@@ -415,8 +415,6 @@ enum ec_curves_t {
+ };
+ /* list of ecdsa curves */
+ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
+- {"ecdsap160", R_EC_P160},
+- {"ecdsap192", R_EC_P192},
+ {"ecdsap224", R_EC_P224},
+ {"ecdsap256", R_EC_P256},
+ {"ecdsap384", R_EC_P384},
+@@ -449,8 +447,6 @@ enum {
+ };
+ /* list of ecdh curves, extension of |ecdsa_choices| list above */
+ static const OPT_PAIR ecdh_choices[EC_NUM] = {
+- {"ecdhp160", R_EC_P160},
+- {"ecdhp192", R_EC_P192},
+ {"ecdhp224", R_EC_P224},
+ {"ecdhp256", R_EC_P256},
+ {"ecdhp384", R_EC_P384},
+@@ -1966,8 +1962,6 @@ int speed_main(int argc, char **argv)
+ */
+ static const EC_CURVE ec_curves[EC_NUM] = {
+ /* Prime Curves */
+- {"secp160r1", NID_secp160r1, 160},
+- {"nistp192", NID_X9_62_prime192v1, 192},
+ {"nistp224", NID_secp224r1, 224},
+ {"nistp256", NID_X9_62_prime256v1, 256},
+ {"nistp384", NID_secp384r1, 384},
+diff --git a/crypto/ec/ec_curve.c b/crypto/ec/ec_curve.c
+index f46aac5d33..8c5ba5b839 100644
+--- a/crypto/ec/ec_curve.c
++++ b/crypto/ec/ec_curve.c
+@@ -30,38 +30,6 @@ typedef struct {
+ } EC_CURVE_DATA;
+
+ /* the nist prime curves */
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 24 * 6];
+-} _EC_NIST_PRIME_192 = {
+- {
+- NID_X9_62_prime_field, 20, 24, 1
+- },
+- {
+- /* seed */
+- 0x30, 0x45, 0xAE, 0x6F, 0xC8, 0x42, 0x2F, 0x64, 0xED, 0x57, 0x95, 0x28,
+- 0xD3, 0x81, 0x20, 0xEA, 0xE1, 0x21, 0x96, 0xD5,
+- /* p */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- /* a */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+- /* b */
+- 0x64, 0x21, 0x05, 0x19, 0xE5, 0x9C, 0x80, 0xE7, 0x0F, 0xA7, 0xE9, 0xAB,
+- 0x72, 0x24, 0x30, 0x49, 0xFE, 0xB8, 0xDE, 0xEC, 0xC1, 0x46, 0xB9, 0xB1,
+- /* x */
+- 0x18, 0x8D, 0xA8, 0x0E, 0xB0, 0x30, 0x90, 0xF6, 0x7C, 0xBF, 0x20, 0xEB,
+- 0x43, 0xA1, 0x88, 0x00, 0xF4, 0xFF, 0x0A, 0xFD, 0x82, 0xFF, 0x10, 0x12,
+- /* y */
+- 0x07, 0x19, 0x2b, 0x95, 0xff, 0xc8, 0xda, 0x78, 0x63, 0x10, 0x11, 0xed,
+- 0x6b, 0x24, 0xcd, 0xd5, 0x73, 0xf9, 0x77, 0xa1, 0x1e, 0x79, 0x48, 0x11,
+- /* order */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x99, 0xDE, 0xF8, 0x36, 0x14, 0x6B, 0xC9, 0xB1, 0xB4, 0xD2, 0x28, 0x31
+- }
+-};
+-
+ static const struct {
+ EC_CURVE_DATA h;
+ unsigned char data[20 + 28 * 6];
+@@ -200,187 +168,6 @@ static const struct {
+ }
+ };
+
+-# ifndef FIPS_MODULE
+-/* the x9.62 prime curves (minus the nist prime curves) */
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 24 * 6];
+-} _EC_X9_62_PRIME_192V2 = {
+- {
+- NID_X9_62_prime_field, 20, 24, 1
+- },
+- {
+- /* seed */
+- 0x31, 0xA9, 0x2E, 0xE2, 0x02, 0x9F, 0xD1, 0x0D, 0x90, 0x1B, 0x11, 0x3E,
+- 0x99, 0x07, 0x10, 0xF0, 0xD2, 0x1A, 0xC6, 0xB6,
+- /* p */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- /* a */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+- /* b */
+- 0xCC, 0x22, 0xD6, 0xDF, 0xB9, 0x5C, 0x6B, 0x25, 0xE4, 0x9C, 0x0D, 0x63,
+- 0x64, 0xA4, 0xE5, 0x98, 0x0C, 0x39, 0x3A, 0xA2, 0x16, 0x68, 0xD9, 0x53,
+- /* x */
+- 0xEE, 0xA2, 0xBA, 0xE7, 0xE1, 0x49, 0x78, 0x42, 0xF2, 0xDE, 0x77, 0x69,
+- 0xCF, 0xE9, 0xC9, 0x89, 0xC0, 0x72, 0xAD, 0x69, 0x6F, 0x48, 0x03, 0x4A,
+- /* y */
+- 0x65, 0x74, 0xd1, 0x1d, 0x69, 0xb6, 0xec, 0x7a, 0x67, 0x2b, 0xb8, 0x2a,
+- 0x08, 0x3d, 0xf2, 0xf2, 0xb0, 0x84, 0x7d, 0xe9, 0x70, 0xb2, 0xde, 0x15,
+- /* order */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
+- 0x5F, 0xB1, 0xA7, 0x24, 0xDC, 0x80, 0x41, 0x86, 0x48, 0xD8, 0xDD, 0x31
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 24 * 6];
+-} _EC_X9_62_PRIME_192V3 = {
+- {
+- NID_X9_62_prime_field, 20, 24, 1
+- },
+- {
+- /* seed */
+- 0xC4, 0x69, 0x68, 0x44, 0x35, 0xDE, 0xB3, 0x78, 0xC4, 0xB6, 0x5C, 0xA9,
+- 0x59, 0x1E, 0x2A, 0x57, 0x63, 0x05, 0x9A, 0x2E,
+- /* p */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- /* a */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+- /* b */
+- 0x22, 0x12, 0x3D, 0xC2, 0x39, 0x5A, 0x05, 0xCA, 0xA7, 0x42, 0x3D, 0xAE,
+- 0xCC, 0xC9, 0x47, 0x60, 0xA7, 0xD4, 0x62, 0x25, 0x6B, 0xD5, 0x69, 0x16,
+- /* x */
+- 0x7D, 0x29, 0x77, 0x81, 0x00, 0xC6, 0x5A, 0x1D, 0xA1, 0x78, 0x37, 0x16,
+- 0x58, 0x8D, 0xCE, 0x2B, 0x8B, 0x4A, 0xEE, 0x8E, 0x22, 0x8F, 0x18, 0x96,
+- /* y */
+- 0x38, 0xa9, 0x0f, 0x22, 0x63, 0x73, 0x37, 0x33, 0x4b, 0x49, 0xdc, 0xb6,
+- 0x6a, 0x6d, 0xc8, 0xf9, 0x97, 0x8a, 0xca, 0x76, 0x48, 0xa9, 0x43, 0xb0,
+- /* order */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x7A, 0x62, 0xD0, 0x31, 0xC8, 0x3F, 0x42, 0x94, 0xF6, 0x40, 0xEC, 0x13
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 30 * 6];
+-} _EC_X9_62_PRIME_239V1 = {
+- {
+- NID_X9_62_prime_field, 20, 30, 1
+- },
+- {
+- /* seed */
+- 0xE4, 0x3B, 0xB4, 0x60, 0xF0, 0xB8, 0x0C, 0xC0, 0xC0, 0xB0, 0x75, 0x79,
+- 0x8E, 0x94, 0x80, 0x60, 0xF8, 0x32, 0x1B, 0x7D,
+- /* p */
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- /* a */
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+- /* b */
+- 0x6B, 0x01, 0x6C, 0x3B, 0xDC, 0xF1, 0x89, 0x41, 0xD0, 0xD6, 0x54, 0x92,
+- 0x14, 0x75, 0xCA, 0x71, 0xA9, 0xDB, 0x2F, 0xB2, 0x7D, 0x1D, 0x37, 0x79,
+- 0x61, 0x85, 0xC2, 0x94, 0x2C, 0x0A,
+- /* x */
+- 0x0F, 0xFA, 0x96, 0x3C, 0xDC, 0xA8, 0x81, 0x6C, 0xCC, 0x33, 0xB8, 0x64,
+- 0x2B, 0xED, 0xF9, 0x05, 0xC3, 0xD3, 0x58, 0x57, 0x3D, 0x3F, 0x27, 0xFB,
+- 0xBD, 0x3B, 0x3C, 0xB9, 0xAA, 0xAF,
+- /* y */
+- 0x7d, 0xeb, 0xe8, 0xe4, 0xe9, 0x0a, 0x5d, 0xae, 0x6e, 0x40, 0x54, 0xca,
+- 0x53, 0x0b, 0xa0, 0x46, 0x54, 0xb3, 0x68, 0x18, 0xce, 0x22, 0x6b, 0x39,
+- 0xfc, 0xcb, 0x7b, 0x02, 0xf1, 0xae,
+- /* order */
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x7F, 0xFF, 0xFF, 0x9E, 0x5E, 0x9A, 0x9F, 0x5D, 0x90, 0x71, 0xFB, 0xD1,
+- 0x52, 0x26, 0x88, 0x90, 0x9D, 0x0B
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 30 * 6];
+-} _EC_X9_62_PRIME_239V2 = {
+- {
+- NID_X9_62_prime_field, 20, 30, 1
+- },
+- {
+- /* seed */
+- 0xE8, 0xB4, 0x01, 0x16, 0x04, 0x09, 0x53, 0x03, 0xCA, 0x3B, 0x80, 0x99,
+- 0x98, 0x2B, 0xE0, 0x9F, 0xCB, 0x9A, 0xE6, 0x16,
+- /* p */
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- /* a */
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+- /* b */
+- 0x61, 0x7F, 0xAB, 0x68, 0x32, 0x57, 0x6C, 0xBB, 0xFE, 0xD5, 0x0D, 0x99,
+- 0xF0, 0x24, 0x9C, 0x3F, 0xEE, 0x58, 0xB9, 0x4B, 0xA0, 0x03, 0x8C, 0x7A,
+- 0xE8, 0x4C, 0x8C, 0x83, 0x2F, 0x2C,
+- /* x */
+- 0x38, 0xAF, 0x09, 0xD9, 0x87, 0x27, 0x70, 0x51, 0x20, 0xC9, 0x21, 0xBB,
+- 0x5E, 0x9E, 0x26, 0x29, 0x6A, 0x3C, 0xDC, 0xF2, 0xF3, 0x57, 0x57, 0xA0,
+- 0xEA, 0xFD, 0x87, 0xB8, 0x30, 0xE7,
+- /* y */
+- 0x5b, 0x01, 0x25, 0xe4, 0xdb, 0xea, 0x0e, 0xc7, 0x20, 0x6d, 0xa0, 0xfc,
+- 0x01, 0xd9, 0xb0, 0x81, 0x32, 0x9f, 0xb5, 0x55, 0xde, 0x6e, 0xf4, 0x60,
+- 0x23, 0x7d, 0xff, 0x8b, 0xe4, 0xba,
+- /* order */
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x80, 0x00, 0x00, 0xCF, 0xA7, 0xE8, 0x59, 0x43, 0x77, 0xD4, 0x14, 0xC0,
+- 0x38, 0x21, 0xBC, 0x58, 0x20, 0x63
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 30 * 6];
+-} _EC_X9_62_PRIME_239V3 = {
+- {
+- NID_X9_62_prime_field, 20, 30, 1
+- },
+- {
+- /* seed */
+- 0x7D, 0x73, 0x74, 0x16, 0x8F, 0xFE, 0x34, 0x71, 0xB6, 0x0A, 0x85, 0x76,
+- 0x86, 0xA1, 0x94, 0x75, 0xD3, 0xBF, 0xA2, 0xFF,
+- /* p */
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- /* a */
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC,
+- /* b */
+- 0x25, 0x57, 0x05, 0xFA, 0x2A, 0x30, 0x66, 0x54, 0xB1, 0xF4, 0xCB, 0x03,
+- 0xD6, 0xA7, 0x50, 0xA3, 0x0C, 0x25, 0x01, 0x02, 0xD4, 0x98, 0x87, 0x17,
+- 0xD9, 0xBA, 0x15, 0xAB, 0x6D, 0x3E,
+- /* x */
+- 0x67, 0x68, 0xAE, 0x8E, 0x18, 0xBB, 0x92, 0xCF, 0xCF, 0x00, 0x5C, 0x94,
+- 0x9A, 0xA2, 0xC6, 0xD9, 0x48, 0x53, 0xD0, 0xE6, 0x60, 0xBB, 0xF8, 0x54,
+- 0xB1, 0xC9, 0x50, 0x5F, 0xE9, 0x5A,
+- /* y */
+- 0x16, 0x07, 0xe6, 0x89, 0x8f, 0x39, 0x0c, 0x06, 0xbc, 0x1d, 0x55, 0x2b,
+- 0xad, 0x22, 0x6f, 0x3b, 0x6f, 0xcf, 0xe4, 0x8b, 0x6e, 0x81, 0x84, 0x99,
+- 0xaf, 0x18, 0xe3, 0xed, 0x6c, 0xf3,
+- /* order */
+- 0x7F, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0x7F, 0xFF, 0xFF, 0x97, 0x5D, 0xEB, 0x41, 0xB3, 0xA6, 0x05, 0x7C, 0x3C,
+- 0x43, 0x21, 0x46, 0x52, 0x65, 0x51
+- }
+-};
+-#endif /* FIPS_MODULE */
+-
+ static const struct {
+ EC_CURVE_DATA h;
+ unsigned char data[20 + 32 * 8];
+@@ -429,294 +216,6 @@ static const struct {
+
+ #ifndef FIPS_MODULE
+ /* the secg prime curves (minus the nist and x9.62 prime curves) */
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 14 * 6];
+-} _EC_SECG_PRIME_112R1 = {
+- {
+- NID_X9_62_prime_field, 20, 14, 1
+- },
+- {
+- /* seed */
+- 0x00, 0xF5, 0x0B, 0x02, 0x8E, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+- 0x51, 0x75, 0x29, 0x04, 0x72, 0x78, 0x3F, 0xB1,
+- /* p */
+- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+- 0x20, 0x8B,
+- /* a */
+- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+- 0x20, 0x88,
+- /* b */
+- 0x65, 0x9E, 0xF8, 0xBA, 0x04, 0x39, 0x16, 0xEE, 0xDE, 0x89, 0x11, 0x70,
+- 0x2B, 0x22,
+- /* x */
+- 0x09, 0x48, 0x72, 0x39, 0x99, 0x5A, 0x5E, 0xE7, 0x6B, 0x55, 0xF9, 0xC2,
+- 0xF0, 0x98,
+- /* y */
+- 0xa8, 0x9c, 0xe5, 0xaf, 0x87, 0x24, 0xc0, 0xa2, 0x3e, 0x0e, 0x0f, 0xf7,
+- 0x75, 0x00,
+- /* order */
+- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x76, 0x28, 0xDF, 0xAC, 0x65,
+- 0x61, 0xC5
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 14 * 6];
+-} _EC_SECG_PRIME_112R2 = {
+- {
+- NID_X9_62_prime_field, 20, 14, 4
+- },
+- {
+- /* seed */
+- 0x00, 0x27, 0x57, 0xA1, 0x11, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61,
+- 0x51, 0x75, 0x53, 0x16, 0xC0, 0x5E, 0x0B, 0xD4,
+- /* p */
+- 0xDB, 0x7C, 0x2A, 0xBF, 0x62, 0xE3, 0x5E, 0x66, 0x80, 0x76, 0xBE, 0xAD,
+- 0x20, 0x8B,
+- /* a */
+- 0x61, 0x27, 0xC2, 0x4C, 0x05, 0xF3, 0x8A, 0x0A, 0xAA, 0xF6, 0x5C, 0x0E,
+- 0xF0, 0x2C,
+- /* b */
+- 0x51, 0xDE, 0xF1, 0x81, 0x5D, 0xB5, 0xED, 0x74, 0xFC, 0xC3, 0x4C, 0x85,
+- 0xD7, 0x09,
+- /* x */
+- 0x4B, 0xA3, 0x0A, 0xB5, 0xE8, 0x92, 0xB4, 0xE1, 0x64, 0x9D, 0xD0, 0x92,
+- 0x86, 0x43,
+- /* y */
+- 0xad, 0xcd, 0x46, 0xf5, 0x88, 0x2e, 0x37, 0x47, 0xde, 0xf3, 0x6e, 0x95,
+- 0x6e, 0x97,
+- /* order */
+- 0x36, 0xDF, 0x0A, 0xAF, 0xD8, 0xB8, 0xD7, 0x59, 0x7C, 0xA1, 0x05, 0x20,
+- 0xD0, 0x4B
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 16 * 6];
+-} _EC_SECG_PRIME_128R1 = {
+- {
+- NID_X9_62_prime_field, 20, 16, 1
+- },
+- {
+- /* seed */
+- 0x00, 0x0E, 0x0D, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75,
+- 0x0C, 0xC0, 0x3A, 0x44, 0x73, 0xD0, 0x36, 0x79,
+- /* p */
+- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF,
+- /* a */
+- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFC,
+- /* b */
+- 0xE8, 0x75, 0x79, 0xC1, 0x10, 0x79, 0xF4, 0x3D, 0xD8, 0x24, 0x99, 0x3C,
+- 0x2C, 0xEE, 0x5E, 0xD3,
+- /* x */
+- 0x16, 0x1F, 0xF7, 0x52, 0x8B, 0x89, 0x9B, 0x2D, 0x0C, 0x28, 0x60, 0x7C,
+- 0xA5, 0x2C, 0x5B, 0x86,
+- /* y */
+- 0xcf, 0x5a, 0xc8, 0x39, 0x5b, 0xaf, 0xeb, 0x13, 0xc0, 0x2d, 0xa2, 0x92,
+- 0xdd, 0xed, 0x7a, 0x83,
+- /* order */
+- 0xFF, 0xFF, 0xFF, 0xFE, 0x00, 0x00, 0x00, 0x00, 0x75, 0xA3, 0x0D, 0x1B,
+- 0x90, 0x38, 0xA1, 0x15
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 16 * 6];
+-} _EC_SECG_PRIME_128R2 = {
+- {
+- NID_X9_62_prime_field, 20, 16, 4
+- },
+- {
+- /* seed */
+- 0x00, 0x4D, 0x69, 0x6E, 0x67, 0x68, 0x75, 0x61, 0x51, 0x75, 0x12, 0xD8,
+- 0xF0, 0x34, 0x31, 0xFC, 0xE6, 0x3B, 0x88, 0xF4,
+- /* p */
+- 0xFF, 0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF,
+- /* a */
+- 0xD6, 0x03, 0x19, 0x98, 0xD1, 0xB3, 0xBB, 0xFE, 0xBF, 0x59, 0xCC, 0x9B,
+- 0xBF, 0xF9, 0xAE, 0xE1,
+- /* b */
+- 0x5E, 0xEE, 0xFC, 0xA3, 0x80, 0xD0, 0x29, 0x19, 0xDC, 0x2C, 0x65, 0x58,
+- 0xBB, 0x6D, 0x8A, 0x5D,
+- /* x */
+- 0x7B, 0x6A, 0xA5, 0xD8, 0x5E, 0x57, 0x29, 0x83, 0xE6, 0xFB, 0x32, 0xA7,
+- 0xCD, 0xEB, 0xC1, 0x40,
+- /* y */
+- 0x27, 0xb6, 0x91, 0x6a, 0x89, 0x4d, 0x3a, 0xee, 0x71, 0x06, 0xfe, 0x80,
+- 0x5f, 0xc3, 0x4b, 0x44,
+- /* order */
+- 0x3F, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF, 0xBE, 0x00, 0x24, 0x72,
+- 0x06, 0x13, 0xB5, 0xA3
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 21 * 6];
+-} _EC_SECG_PRIME_160K1 = {
+- {
+- NID_X9_62_prime_field, 0, 21, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
+- /* a */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- /* b */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07,
+- /* x */
+- 0x00, 0x3B, 0x4C, 0x38, 0x2C, 0xE3, 0x7A, 0xA1, 0x92, 0xA4, 0x01, 0x9E,
+- 0x76, 0x30, 0x36, 0xF4, 0xF5, 0xDD, 0x4D, 0x7E, 0xBB,
+- /* y */
+- 0x00, 0x93, 0x8c, 0xf9, 0x35, 0x31, 0x8f, 0xdc, 0xed, 0x6b, 0xc2, 0x82,
+- 0x86, 0x53, 0x17, 0x33, 0xc3, 0xf0, 0x3c, 0x4f, 0xee,
+- /* order */
+- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xB8,
+- 0xFA, 0x16, 0xDF, 0xAB, 0x9A, 0xCA, 0x16, 0xB6, 0xB3
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 21 * 6];
+-} _EC_SECG_PRIME_160R1 = {
+- {
+- NID_X9_62_prime_field, 20, 21, 1
+- },
+- {
+- /* seed */
+- 0x10, 0x53, 0xCD, 0xE4, 0x2C, 0x14, 0xD6, 0x96, 0xE6, 0x76, 0x87, 0x56,
+- 0x15, 0x17, 0x53, 0x3B, 0xF3, 0xF8, 0x33, 0x45,
+- /* p */
+- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFF,
+- /* a */
+- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x7F, 0xFF, 0xFF, 0xFC,
+- /* b */
+- 0x00, 0x1C, 0x97, 0xBE, 0xFC, 0x54, 0xBD, 0x7A, 0x8B, 0x65, 0xAC, 0xF8,
+- 0x9F, 0x81, 0xD4, 0xD4, 0xAD, 0xC5, 0x65, 0xFA, 0x45,
+- /* x */
+- 0x00, 0x4A, 0x96, 0xB5, 0x68, 0x8E, 0xF5, 0x73, 0x28, 0x46, 0x64, 0x69,
+- 0x89, 0x68, 0xC3, 0x8B, 0xB9, 0x13, 0xCB, 0xFC, 0x82,
+- /* y */
+- 0x00, 0x23, 0xa6, 0x28, 0x55, 0x31, 0x68, 0x94, 0x7d, 0x59, 0xdc, 0xc9,
+- 0x12, 0x04, 0x23, 0x51, 0x37, 0x7a, 0xc5, 0xfb, 0x32,
+- /* order */
+- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xF4,
+- 0xC8, 0xF9, 0x27, 0xAE, 0xD3, 0xCA, 0x75, 0x22, 0x57
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[20 + 21 * 6];
+-} _EC_SECG_PRIME_160R2 = {
+- {
+- NID_X9_62_prime_field, 20, 21, 1
+- },
+- {
+- /* seed */
+- 0xB9, 0x9B, 0x99, 0xB0, 0x99, 0xB3, 0x23, 0xE0, 0x27, 0x09, 0xA4, 0xD6,
+- 0x96, 0xE6, 0x76, 0x87, 0x56, 0x15, 0x17, 0x51,
+- /* p */
+- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x73,
+- /* a */
+- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xAC, 0x70,
+- /* b */
+- 0x00, 0xB4, 0xE1, 0x34, 0xD3, 0xFB, 0x59, 0xEB, 0x8B, 0xAB, 0x57, 0x27,
+- 0x49, 0x04, 0x66, 0x4D, 0x5A, 0xF5, 0x03, 0x88, 0xBA,
+- /* x */
+- 0x00, 0x52, 0xDC, 0xB0, 0x34, 0x29, 0x3A, 0x11, 0x7E, 0x1F, 0x4F, 0xF1,
+- 0x1B, 0x30, 0xF7, 0x19, 0x9D, 0x31, 0x44, 0xCE, 0x6D,
+- /* y */
+- 0x00, 0xfe, 0xaf, 0xfe, 0xf2, 0xe3, 0x31, 0xf2, 0x96, 0xe0, 0x71, 0xfa,
+- 0x0d, 0xf9, 0x98, 0x2c, 0xfe, 0xa7, 0xd4, 0x3f, 0x2e,
+- /* order */
+- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x35,
+- 0x1E, 0xE7, 0x86, 0xA8, 0x18, 0xF3, 0xA1, 0xA1, 0x6B
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 24 * 6];
+-} _EC_SECG_PRIME_192K1 = {
+- {
+- NID_X9_62_prime_field, 0, 24, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xEE, 0x37,
+- /* a */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- /* b */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+- /* x */
+- 0xDB, 0x4F, 0xF1, 0x0E, 0xC0, 0x57, 0xE9, 0xAE, 0x26, 0xB0, 0x7D, 0x02,
+- 0x80, 0xB7, 0xF4, 0x34, 0x1D, 0xA5, 0xD1, 0xB1, 0xEA, 0xE0, 0x6C, 0x7D,
+- /* y */
+- 0x9b, 0x2f, 0x2f, 0x6d, 0x9c, 0x56, 0x28, 0xa7, 0x84, 0x41, 0x63, 0xd0,
+- 0x15, 0xbe, 0x86, 0x34, 0x40, 0x82, 0xaa, 0x88, 0xd9, 0x5e, 0x2f, 0x9d,
+- /* order */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFE,
+- 0x26, 0xF2, 0xFC, 0x17, 0x0F, 0x69, 0x46, 0x6A, 0x74, 0xDE, 0xFD, 0x8D
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 29 * 6];
+-} _EC_SECG_PRIME_224K1 = {
+- {
+- NID_X9_62_prime_field, 0, 29, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFE, 0xFF, 0xFF, 0xE5, 0x6D,
+- /* a */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00,
+- /* b */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x05,
+- /* x */
+- 0x00, 0xA1, 0x45, 0x5B, 0x33, 0x4D, 0xF0, 0x99, 0xDF, 0x30, 0xFC, 0x28,
+- 0xA1, 0x69, 0xA4, 0x67, 0xE9, 0xE4, 0x70, 0x75, 0xA9, 0x0F, 0x7E, 0x65,
+- 0x0E, 0xB6, 0xB7, 0xA4, 0x5C,
+- /* y */
+- 0x00, 0x7e, 0x08, 0x9f, 0xed, 0x7f, 0xba, 0x34, 0x42, 0x82, 0xca, 0xfb,
+- 0xd6, 0xf7, 0xe3, 0x19, 0xf7, 0xc0, 0xb0, 0xbd, 0x59, 0xe2, 0xca, 0x4b,
+- 0xdb, 0x55, 0x6d, 0x61, 0xa5,
+- /* order */
+- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x01, 0xDC, 0xE8, 0xD2, 0xEC, 0x61, 0x84, 0xCA, 0xF0, 0xA9,
+- 0x71, 0x76, 0x9F, 0xB1, 0xF7
+- }
+-};
+-
+ static const struct {
+ EC_CURVE_DATA h;
+ unsigned char data[0 + 32 * 6];
+@@ -753,102 +252,6 @@ static const struct {
+ }
+ };
+
+-/* some wap/wtls curves */
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 15 * 6];
+-} _EC_WTLS_8 = {
+- {
+- NID_X9_62_prime_field, 0, 15, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFD, 0xE7,
+- /* a */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00,
+- /* b */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x03,
+- /* x */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x01,
+- /* y */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x02,
+- /* order */
+- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xEC, 0xEA, 0x55, 0x1A,
+- 0xD8, 0x37, 0xE9
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 21 * 6];
+-} _EC_WTLS_9 = {
+- {
+- NID_X9_62_prime_field, 0, 21, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFC, 0x80, 0x8F,
+- /* a */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- /* b */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+- /* x */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+- /* y */
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02,
+- /* order */
+- 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xCD,
+- 0xC9, 0x8A, 0xE0, 0xE2, 0xDE, 0x57, 0x4A, 0xBF, 0x33
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 28 * 6];
+-} _EC_WTLS_12 = {
+- {
+- NID_X9_62_prime_field, 0, 28, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+- 0x00, 0x00, 0x00, 0x01,
+- /* a */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0xFF, 0xFE,
+- /* b */
+- 0xB4, 0x05, 0x0A, 0x85, 0x0C, 0x04, 0xB3, 0xAB, 0xF5, 0x41, 0x32, 0x56,
+- 0x50, 0x44, 0xB0, 0xB7, 0xD7, 0xBF, 0xD8, 0xBA, 0x27, 0x0B, 0x39, 0x43,
+- 0x23, 0x55, 0xFF, 0xB4,
+- /* x */
+- 0xB7, 0x0E, 0x0C, 0xBD, 0x6B, 0xB4, 0xBF, 0x7F, 0x32, 0x13, 0x90, 0xB9,
+- 0x4A, 0x03, 0xC1, 0xD3, 0x56, 0xC2, 0x11, 0x22, 0x34, 0x32, 0x80, 0xD6,
+- 0x11, 0x5C, 0x1D, 0x21,
+- /* y */
+- 0xbd, 0x37, 0x63, 0x88, 0xb5, 0xf7, 0x23, 0xfb, 0x4c, 0x22, 0xdf, 0xe6,
+- 0xcd, 0x43, 0x75, 0xa0, 0x5a, 0x07, 0x47, 0x64, 0x44, 0xd5, 0x81, 0x99,
+- 0x85, 0x00, 0x7e, 0x34,
+- /* order */
+- 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+- 0xFF, 0xFF, 0x16, 0xA2, 0xE0, 0xB8, 0xF0, 0x3E, 0x13, 0xDD, 0x29, 0x45,
+- 0x5C, 0x5C, 0x2A, 0x3D
+- }
+-};
+ #endif /* FIPS_MODULE */
+
+ #ifndef OPENSSL_NO_EC2M
+@@ -2244,198 +1647,6 @@ static const struct {
+ */
+
+ #ifndef FIPS_MODULE
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 20 * 6];
+-} _EC_brainpoolP160r1 = {
+- {
+- NID_X9_62_prime_field, 0, 20, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
+- /* a */
+- 0x34, 0x0E, 0x7B, 0xE2, 0xA2, 0x80, 0xEB, 0x74, 0xE2, 0xBE, 0x61, 0xBA,
+- 0xDA, 0x74, 0x5D, 0x97, 0xE8, 0xF7, 0xC3, 0x00,
+- /* b */
+- 0x1E, 0x58, 0x9A, 0x85, 0x95, 0x42, 0x34, 0x12, 0x13, 0x4F, 0xAA, 0x2D,
+- 0xBD, 0xEC, 0x95, 0xC8, 0xD8, 0x67, 0x5E, 0x58,
+- /* x */
+- 0xBE, 0xD5, 0xAF, 0x16, 0xEA, 0x3F, 0x6A, 0x4F, 0x62, 0x93, 0x8C, 0x46,
+- 0x31, 0xEB, 0x5A, 0xF7, 0xBD, 0xBC, 0xDB, 0xC3,
+- /* y */
+- 0x16, 0x67, 0xCB, 0x47, 0x7A, 0x1A, 0x8E, 0xC3, 0x38, 0xF9, 0x47, 0x41,
+- 0x66, 0x9C, 0x97, 0x63, 0x16, 0xDA, 0x63, 0x21,
+- /* order */
+- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
+- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 20 * 6];
+-} _EC_brainpoolP160t1 = {
+- {
+- NID_X9_62_prime_field, 0, 20, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0F,
+- /* a */
+- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0xC7, 0xAD,
+- 0x95, 0xB3, 0xD8, 0x13, 0x95, 0x15, 0x62, 0x0C,
+- /* b */
+- 0x7A, 0x55, 0x6B, 0x6D, 0xAE, 0x53, 0x5B, 0x7B, 0x51, 0xED, 0x2C, 0x4D,
+- 0x7D, 0xAA, 0x7A, 0x0B, 0x5C, 0x55, 0xF3, 0x80,
+- /* x */
+- 0xB1, 0x99, 0xB1, 0x3B, 0x9B, 0x34, 0xEF, 0xC1, 0x39, 0x7E, 0x64, 0xBA,
+- 0xEB, 0x05, 0xAC, 0xC2, 0x65, 0xFF, 0x23, 0x78,
+- /* y */
+- 0xAD, 0xD6, 0x71, 0x8B, 0x7C, 0x7C, 0x19, 0x61, 0xF0, 0x99, 0x1B, 0x84,
+- 0x24, 0x43, 0x77, 0x21, 0x52, 0xC9, 0xE0, 0xAD,
+- /* order */
+- 0xE9, 0x5E, 0x4A, 0x5F, 0x73, 0x70, 0x59, 0xDC, 0x60, 0xDF, 0x59, 0x91,
+- 0xD4, 0x50, 0x29, 0x40, 0x9E, 0x60, 0xFC, 0x09
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 24 * 6];
+-} _EC_brainpoolP192r1 = {
+- {
+- NID_X9_62_prime_field, 0, 24, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
+- /* a */
+- 0x6A, 0x91, 0x17, 0x40, 0x76, 0xB1, 0xE0, 0xE1, 0x9C, 0x39, 0xC0, 0x31,
+- 0xFE, 0x86, 0x85, 0xC1, 0xCA, 0xE0, 0x40, 0xE5, 0xC6, 0x9A, 0x28, 0xEF,
+- /* b */
+- 0x46, 0x9A, 0x28, 0xEF, 0x7C, 0x28, 0xCC, 0xA3, 0xDC, 0x72, 0x1D, 0x04,
+- 0x4F, 0x44, 0x96, 0xBC, 0xCA, 0x7E, 0xF4, 0x14, 0x6F, 0xBF, 0x25, 0xC9,
+- /* x */
+- 0xC0, 0xA0, 0x64, 0x7E, 0xAA, 0xB6, 0xA4, 0x87, 0x53, 0xB0, 0x33, 0xC5,
+- 0x6C, 0xB0, 0xF0, 0x90, 0x0A, 0x2F, 0x5C, 0x48, 0x53, 0x37, 0x5F, 0xD6,
+- /* y */
+- 0x14, 0xB6, 0x90, 0x86, 0x6A, 0xBD, 0x5B, 0xB8, 0x8B, 0x5F, 0x48, 0x28,
+- 0xC1, 0x49, 0x00, 0x02, 0xE6, 0x77, 0x3F, 0xA2, 0xFA, 0x29, 0x9B, 0x8F,
+- /* order */
+- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
+- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 24 * 6];
+-} _EC_brainpoolP192t1 = {
+- {
+- NID_X9_62_prime_field, 0, 24, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x97,
+- /* a */
+- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x30,
+- 0x93, 0xD1, 0x8D, 0xB7, 0x8F, 0xCE, 0x47, 0x6D, 0xE1, 0xA8, 0x62, 0x94,
+- /* b */
+- 0x13, 0xD5, 0x6F, 0xFA, 0xEC, 0x78, 0x68, 0x1E, 0x68, 0xF9, 0xDE, 0xB4,
+- 0x3B, 0x35, 0xBE, 0xC2, 0xFB, 0x68, 0x54, 0x2E, 0x27, 0x89, 0x7B, 0x79,
+- /* x */
+- 0x3A, 0xE9, 0xE5, 0x8C, 0x82, 0xF6, 0x3C, 0x30, 0x28, 0x2E, 0x1F, 0xE7,
+- 0xBB, 0xF4, 0x3F, 0xA7, 0x2C, 0x44, 0x6A, 0xF6, 0xF4, 0x61, 0x81, 0x29,
+- /* y */
+- 0x09, 0x7E, 0x2C, 0x56, 0x67, 0xC2, 0x22, 0x3A, 0x90, 0x2A, 0xB5, 0xCA,
+- 0x44, 0x9D, 0x00, 0x84, 0xB7, 0xE5, 0xB3, 0xDE, 0x7C, 0xCC, 0x01, 0xC9,
+- /* order */
+- 0xC3, 0x02, 0xF4, 0x1D, 0x93, 0x2A, 0x36, 0xCD, 0xA7, 0xA3, 0x46, 0x2F,
+- 0x9E, 0x9E, 0x91, 0x6B, 0x5B, 0xE8, 0xF1, 0x02, 0x9A, 0xC4, 0xAC, 0xC1
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 28 * 6];
+-} _EC_brainpoolP224r1 = {
+- {
+- NID_X9_62_prime_field, 0, 28, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+- 0x7E, 0xC8, 0xC0, 0xFF,
+- /* a */
+- 0x68, 0xA5, 0xE6, 0x2C, 0xA9, 0xCE, 0x6C, 0x1C, 0x29, 0x98, 0x03, 0xA6,
+- 0xC1, 0x53, 0x0B, 0x51, 0x4E, 0x18, 0x2A, 0xD8, 0xB0, 0x04, 0x2A, 0x59,
+- 0xCA, 0xD2, 0x9F, 0x43,
+- /* b */
+- 0x25, 0x80, 0xF6, 0x3C, 0xCF, 0xE4, 0x41, 0x38, 0x87, 0x07, 0x13, 0xB1,
+- 0xA9, 0x23, 0x69, 0xE3, 0x3E, 0x21, 0x35, 0xD2, 0x66, 0xDB, 0xB3, 0x72,
+- 0x38, 0x6C, 0x40, 0x0B,
+- /* x */
+- 0x0D, 0x90, 0x29, 0xAD, 0x2C, 0x7E, 0x5C, 0xF4, 0x34, 0x08, 0x23, 0xB2,
+- 0xA8, 0x7D, 0xC6, 0x8C, 0x9E, 0x4C, 0xE3, 0x17, 0x4C, 0x1E, 0x6E, 0xFD,
+- 0xEE, 0x12, 0xC0, 0x7D,
+- /* y */
+- 0x58, 0xAA, 0x56, 0xF7, 0x72, 0xC0, 0x72, 0x6F, 0x24, 0xC6, 0xB8, 0x9E,
+- 0x4E, 0xCD, 0xAC, 0x24, 0x35, 0x4B, 0x9E, 0x99, 0xCA, 0xA3, 0xF6, 0xD3,
+- 0x76, 0x14, 0x02, 0xCD,
+- /* order */
+- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
+- 0xA5, 0xA7, 0x93, 0x9F
+- }
+-};
+-
+-static const struct {
+- EC_CURVE_DATA h;
+- unsigned char data[0 + 28 * 6];
+-} _EC_brainpoolP224t1 = {
+- {
+- NID_X9_62_prime_field, 0, 28, 1
+- },
+- {
+- /* no seed */
+- /* p */
+- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+- 0x7E, 0xC8, 0xC0, 0xFF,
+- /* a */
+- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+- 0x75, 0xD1, 0xD7, 0x87, 0xB0, 0x9F, 0x07, 0x57, 0x97, 0xDA, 0x89, 0xF5,
+- 0x7E, 0xC8, 0xC0, 0xFC,
+- /* b */
+- 0x4B, 0x33, 0x7D, 0x93, 0x41, 0x04, 0xCD, 0x7B, 0xEF, 0x27, 0x1B, 0xF6,
+- 0x0C, 0xED, 0x1E, 0xD2, 0x0D, 0xA1, 0x4C, 0x08, 0xB3, 0xBB, 0x64, 0xF1,
+- 0x8A, 0x60, 0x88, 0x8D,
+- /* x */
+- 0x6A, 0xB1, 0xE3, 0x44, 0xCE, 0x25, 0xFF, 0x38, 0x96, 0x42, 0x4E, 0x7F,
+- 0xFE, 0x14, 0x76, 0x2E, 0xCB, 0x49, 0xF8, 0x92, 0x8A, 0xC0, 0xC7, 0x60,
+- 0x29, 0xB4, 0xD5, 0x80,
+- /* y */
+- 0x03, 0x74, 0xE9, 0xF5, 0x14, 0x3E, 0x56, 0x8C, 0xD2, 0x3F, 0x3F, 0x4D,
+- 0x7C, 0x0D, 0x4B, 0x1E, 0x41, 0xC8, 0xCC, 0x0D, 0x1C, 0x6A, 0xBD, 0x5F,
+- 0x1A, 0x46, 0xDB, 0x4C,
+- /* order */
+- 0xD7, 0xC1, 0x34, 0xAA, 0x26, 0x43, 0x66, 0x86, 0x2A, 0x18, 0x30, 0x25,
+- 0x75, 0xD0, 0xFB, 0x98, 0xD1, 0x16, 0xBC, 0x4B, 0x6D, 0xDE, 0xBC, 0xA3,
+- 0xA5, 0xA7, 0x93, 0x9F
+- }
+-};
+-
+ static const struct {
+ EC_CURVE_DATA h;
+ unsigned char data[0 + 32 * 6];
+@@ -2864,8 +2075,6 @@ static const ec_list_element curve_list[] = {
+ "NIST/SECG curve over a 521 bit prime field"},
+
+ /* X9.62 curves */
+- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
+- "NIST/X9.62/SECG curve over a 192 bit prime field"},
+ {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+ # if defined(ECP_NISTZ256_ASM)
+ EC_GFp_nistz256_method,
+@@ -2909,25 +2118,6 @@ static const ec_list_element curve_list[] = {
+ static const ec_list_element curve_list[] = {
+ /* prime field curves */
+ /* secg curves */
+- {NID_secp112r1, &_EC_SECG_PRIME_112R1.h, 0,
+- "SECG/WTLS curve over a 112 bit prime field"},
+- {NID_secp112r2, &_EC_SECG_PRIME_112R2.h, 0,
+- "SECG curve over a 112 bit prime field"},
+- {NID_secp128r1, &_EC_SECG_PRIME_128R1.h, 0,
+- "SECG curve over a 128 bit prime field"},
+- {NID_secp128r2, &_EC_SECG_PRIME_128R2.h, 0,
+- "SECG curve over a 128 bit prime field"},
+- {NID_secp160k1, &_EC_SECG_PRIME_160K1.h, 0,
+- "SECG curve over a 160 bit prime field"},
+- {NID_secp160r1, &_EC_SECG_PRIME_160R1.h, 0,
+- "SECG curve over a 160 bit prime field"},
+- {NID_secp160r2, &_EC_SECG_PRIME_160R2.h, 0,
+- "SECG/WTLS curve over a 160 bit prime field"},
+- /* SECG secp192r1 is the same as X9.62 prime192v1 and hence omitted */
+- {NID_secp192k1, &_EC_SECG_PRIME_192K1.h, 0,
+- "SECG curve over a 192 bit prime field"},
+- {NID_secp224k1, &_EC_SECG_PRIME_224K1.h, 0,
+- "SECG curve over a 224 bit prime field"},
+ # ifndef OPENSSL_NO_EC_NISTP_64_GCC_128
+ {NID_secp224r1, &_EC_NIST_PRIME_224.h, EC_GFp_nistp224_method,
+ "NIST/SECG curve over a 224 bit prime field"},
+@@ -2957,18 +2147,6 @@ static const ec_list_element curve_list[] = {
+ # endif
+ "NIST/SECG curve over a 521 bit prime field"},
+ /* X9.62 curves */
+- {NID_X9_62_prime192v1, &_EC_NIST_PRIME_192.h, 0,
+- "NIST/X9.62/SECG curve over a 192 bit prime field"},
+- {NID_X9_62_prime192v2, &_EC_X9_62_PRIME_192V2.h, 0,
+- "X9.62 curve over a 192 bit prime field"},
+- {NID_X9_62_prime192v3, &_EC_X9_62_PRIME_192V3.h, 0,
+- "X9.62 curve over a 192 bit prime field"},
+- {NID_X9_62_prime239v1, &_EC_X9_62_PRIME_239V1.h, 0,
+- "X9.62 curve over a 239 bit prime field"},
+- {NID_X9_62_prime239v2, &_EC_X9_62_PRIME_239V2.h, 0,
+- "X9.62 curve over a 239 bit prime field"},
+- {NID_X9_62_prime239v3, &_EC_X9_62_PRIME_239V3.h, 0,
+- "X9.62 curve over a 239 bit prime field"},
+ {NID_X9_62_prime256v1, &_EC_X9_62_PRIME_256V1.h,
+ # if defined(ECP_NISTZ256_ASM)
+ EC_GFp_nistz256_method,
+@@ -3065,22 +2243,12 @@ static const ec_list_element curve_list[] = {
+ {NID_wap_wsg_idm_ecid_wtls5, &_EC_X9_62_CHAR2_163V1.h, 0,
+ "X9.62 curve over a 163 bit binary field"},
+ # endif
+- {NID_wap_wsg_idm_ecid_wtls6, &_EC_SECG_PRIME_112R1.h, 0,
+- "SECG/WTLS curve over a 112 bit prime field"},
+- {NID_wap_wsg_idm_ecid_wtls7, &_EC_SECG_PRIME_160R2.h, 0,
+- "SECG/WTLS curve over a 160 bit prime field"},
+- {NID_wap_wsg_idm_ecid_wtls8, &_EC_WTLS_8.h, 0,
+- "WTLS curve over a 112 bit prime field"},
+- {NID_wap_wsg_idm_ecid_wtls9, &_EC_WTLS_9.h, 0,
+- "WTLS curve over a 160 bit prime field"},
+ # ifndef OPENSSL_NO_EC2M
+ {NID_wap_wsg_idm_ecid_wtls10, &_EC_NIST_CHAR2_233K.h, 0,
+ "NIST/SECG/WTLS curve over a 233 bit binary field"},
+ {NID_wap_wsg_idm_ecid_wtls11, &_EC_NIST_CHAR2_233B.h, 0,
+ "NIST/SECG/WTLS curve over a 233 bit binary field"},
+ # endif
+- {NID_wap_wsg_idm_ecid_wtls12, &_EC_WTLS_12.h, 0,
+- "WTLS curve over a 224 bit prime field"},
+ # ifndef OPENSSL_NO_EC2M
+ /* IPSec curves */
+ {NID_ipsec3, &_EC_IPSEC_155_ID3.h, 0,
+@@ -3091,18 +2259,6 @@ static const ec_list_element curve_list[] = {
+ "\tNot suitable for ECDSA.\n\tQuestionable extension field!"},
+ # endif
+ /* brainpool curves */
+- {NID_brainpoolP160r1, &_EC_brainpoolP160r1.h, 0,
+- "RFC 5639 curve over a 160 bit prime field"},
+- {NID_brainpoolP160t1, &_EC_brainpoolP160t1.h, 0,
+- "RFC 5639 curve over a 160 bit prime field"},
+- {NID_brainpoolP192r1, &_EC_brainpoolP192r1.h, 0,
+- "RFC 5639 curve over a 192 bit prime field"},
+- {NID_brainpoolP192t1, &_EC_brainpoolP192t1.h, 0,
+- "RFC 5639 curve over a 192 bit prime field"},
+- {NID_brainpoolP224r1, &_EC_brainpoolP224r1.h, 0,
+- "RFC 5639 curve over a 224 bit prime field"},
+- {NID_brainpoolP224t1, &_EC_brainpoolP224t1.h, 0,
+- "RFC 5639 curve over a 224 bit prime field"},
+ {NID_brainpoolP256r1, &_EC_brainpoolP256r1.h, 0,
+ "RFC 5639 curve over a 256 bit prime field"},
+ {NID_brainpoolP256t1, &_EC_brainpoolP256t1.h, 0,
+diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c
+index 1ec10143d2..82b95294b4 100644
+--- a/crypto/evp/ec_support.c
++++ b/crypto/evp/ec_support.c
+@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st {
+ static const EC_NAME2NID curve_list[] = {
+ /* prime field curves */
+ /* secg curves */
+- {"secp112r1", NID_secp112r1 },
+- {"secp112r2", NID_secp112r2 },
+- {"secp128r1", NID_secp128r1 },
+- {"secp128r2", NID_secp128r2 },
+- {"secp160k1", NID_secp160k1 },
+- {"secp160r1", NID_secp160r1 },
+- {"secp160r2", NID_secp160r2 },
+- {"secp192k1", NID_secp192k1 },
+- {"secp224k1", NID_secp224k1 },
+ {"secp224r1", NID_secp224r1 },
+ {"secp256k1", NID_secp256k1 },
+ {"secp384r1", NID_secp384r1 },
+ {"secp521r1", NID_secp521r1 },
+ /* X9.62 curves */
+- {"prime192v1", NID_X9_62_prime192v1 },
+- {"prime192v2", NID_X9_62_prime192v2 },
+- {"prime192v3", NID_X9_62_prime192v3 },
+- {"prime239v1", NID_X9_62_prime239v1 },
+- {"prime239v2", NID_X9_62_prime239v2 },
+- {"prime239v3", NID_X9_62_prime239v3 },
+ {"prime256v1", NID_X9_62_prime256v1 },
+ /* characteristic two field curves */
+ /* NIST/SECG curves */
+- {"sect113r1", NID_sect113r1 },
+- {"sect113r2", NID_sect113r2 },
+- {"sect131r1", NID_sect131r1 },
+- {"sect131r2", NID_sect131r2 },
+- {"sect163k1", NID_sect163k1 },
+- {"sect163r1", NID_sect163r1 },
+- {"sect163r2", NID_sect163r2 },
+- {"sect193r1", NID_sect193r1 },
+- {"sect193r2", NID_sect193r2 },
+- {"sect233k1", NID_sect233k1 },
+- {"sect233r1", NID_sect233r1 },
+- {"sect239k1", NID_sect239k1 },
+- {"sect283k1", NID_sect283k1 },
+- {"sect283r1", NID_sect283r1 },
+- {"sect409k1", NID_sect409k1 },
+- {"sect409r1", NID_sect409r1 },
+- {"sect571k1", NID_sect571k1 },
+- {"sect571r1", NID_sect571r1 },
+- /* X9.62 curves */
+- {"c2pnb163v1", NID_X9_62_c2pnb163v1 },
+- {"c2pnb163v2", NID_X9_62_c2pnb163v2 },
+- {"c2pnb163v3", NID_X9_62_c2pnb163v3 },
+- {"c2pnb176v1", NID_X9_62_c2pnb176v1 },
+- {"c2tnb191v1", NID_X9_62_c2tnb191v1 },
+- {"c2tnb191v2", NID_X9_62_c2tnb191v2 },
+- {"c2tnb191v3", NID_X9_62_c2tnb191v3 },
+- {"c2pnb208w1", NID_X9_62_c2pnb208w1 },
+- {"c2tnb239v1", NID_X9_62_c2tnb239v1 },
+- {"c2tnb239v2", NID_X9_62_c2tnb239v2 },
+- {"c2tnb239v3", NID_X9_62_c2tnb239v3 },
+- {"c2pnb272w1", NID_X9_62_c2pnb272w1 },
+- {"c2pnb304w1", NID_X9_62_c2pnb304w1 },
+- {"c2tnb359v1", NID_X9_62_c2tnb359v1 },
+- {"c2pnb368w1", NID_X9_62_c2pnb368w1 },
+- {"c2tnb431r1", NID_X9_62_c2tnb431r1 },
+- /*
+- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
+- * from X9.62]
+- */
+- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
+- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
+- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
+- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
+- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
+- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
+- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
+- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
+- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
+- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
+- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
+- /* IPSec curves */
+- {"Oakley-EC2N-3", NID_ipsec3 },
+- {"Oakley-EC2N-4", NID_ipsec4 },
+ /* brainpool curves */
+- {"brainpoolP160r1", NID_brainpoolP160r1 },
+- {"brainpoolP160t1", NID_brainpoolP160t1 },
+- {"brainpoolP192r1", NID_brainpoolP192r1 },
+- {"brainpoolP192t1", NID_brainpoolP192t1 },
+- {"brainpoolP224r1", NID_brainpoolP224r1 },
+- {"brainpoolP224t1", NID_brainpoolP224t1 },
+ {"brainpoolP256r1", NID_brainpoolP256r1 },
+ {"brainpoolP256t1", NID_brainpoolP256t1 },
+ {"brainpoolP320r1", NID_brainpoolP320r1 },
+@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = {
+ {"brainpoolP384t1", NID_brainpoolP384t1 },
+ {"brainpoolP512r1", NID_brainpoolP512r1 },
+ {"brainpoolP512t1", NID_brainpoolP512t1 },
+- /* SM2 curve */
+- {"SM2", NID_sm2 },
+ };
+
+ const char *OSSL_EC_curve_nid2name(int nid)
+@@ -150,17 +74,6 @@ int ossl_ec_curve_name2nid(const char *name)
+ /* Functions to translate between common NIST curve names and NIDs */
+
+ static const EC_NAME2NID nist_curves[] = {
+- {"B-163", NID_sect163r2},
+- {"B-233", NID_sect233r1},
+- {"B-283", NID_sect283r1},
+- {"B-409", NID_sect409r1},
+- {"B-571", NID_sect571r1},
+- {"K-163", NID_sect163k1},
+- {"K-233", NID_sect233k1},
+- {"K-283", NID_sect283k1},
+- {"K-409", NID_sect409k1},
+- {"K-571", NID_sect571k1},
+- {"P-192", NID_X9_62_prime192v1},
+ {"P-224", NID_secp224r1},
+ {"P-256", NID_X9_62_prime256v1},
+ {"P-384", NID_secp384r1},
+diff --git a/test/acvp_test.inc b/test/acvp_test.inc
+index 67787f3740..97ec1ff3e5 100644
+--- a/test/acvp_test.inc
++++ b/test/acvp_test.inc
+@@ -217,15 +217,6 @@ static const unsigned char ecdsa_sigver_s1[] = {
+ 0xB1, 0xAC,
+ };
+ static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
+- {
+- "SHA-1",
+- "P-192",
+- ITM(ecdsa_sigver_msg0),
+- ITM(ecdsa_sigver_pub0),
+- ITM(ecdsa_sigver_r0),
+- ITM(ecdsa_sigver_s0),
+- PASS,
+- },
+ {
+ "SHA2-512",
+ "P-521",
+diff --git a/test/ecdsatest.h b/test/ecdsatest.h
+index 63fe319025..06b5c0aac5 100644
+--- a/test/ecdsatest.h
++++ b/test/ecdsatest.h
+@@ -32,23 +32,6 @@ typedef struct {
+ } ecdsa_cavs_kat_t;
+
+ static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
+- /* prime KATs from X9.62 */
+- {NID_X9_62_prime192v1, NID_sha1,
+- "616263", /* "abc" */
+- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
+- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
+- "5ca5c0d69716dfcb3474373902",
+- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
+- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
+- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
+- {NID_X9_62_prime239v1, NID_sha1,
+- "616263", /* "abc" */
+- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
+- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
+- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
+- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
+- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
+- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
+ /* prime KATs from NIST CAVP */
+ {NID_secp224r1, NID_sha224,
+ "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
+diff --git a/test/ectest.c b/test/ectest.c
+index 70df89ee2f..0ddbba3b98 100644
+--- a/test/ectest.c
++++ b/test/ectest.c
+@@ -175,184 +175,26 @@ static int prime_field_tests(void)
+ || !TEST_ptr(p = BN_new())
+ || !TEST_ptr(a = BN_new())
+ || !TEST_ptr(b = BN_new())
+- || !TEST_true(BN_hex2bn(&p, "17"))
+- || !TEST_true(BN_hex2bn(&a, "1"))
+- || !TEST_true(BN_hex2bn(&b, "1"))
+- || !TEST_ptr(group = EC_GROUP_new_curve_GFp(p, a, b, ctx))
+- || !TEST_true(EC_GROUP_get_curve(group, p, a, b, ctx)))
++ /*
++ * applications should use EC_GROUP_new_curve_GFp so
++ * that the library gets to choose the EC_METHOD
++ */
++ || !TEST_ptr(group = EC_GROUP_new(EC_GFp_mont_method())))
+ goto err;
+
+- TEST_info("Curve defined by Weierstrass equation");
+- TEST_note(" y^2 = x^3 + a*x + b (mod p)");
+- test_output_bignum("a", a);
+- test_output_bignum("b", b);
+- test_output_bignum("p", p);
+-
+ buf[0] = 0;
+ if (!TEST_ptr(P = EC_POINT_new(group))
+ || !TEST_ptr(Q = EC_POINT_new(group))
+ || !TEST_ptr(R = EC_POINT_new(group))
+- || !TEST_true(EC_POINT_set_to_infinity(group, P))
+- || !TEST_true(EC_POINT_is_at_infinity(group, P))
+- || !TEST_true(EC_POINT_oct2point(group, Q, buf, 1, ctx))
+- || !TEST_true(EC_POINT_add(group, P, P, Q, ctx))
+- || !TEST_true(EC_POINT_is_at_infinity(group, P))
+ || !TEST_ptr(x = BN_new())
+ || !TEST_ptr(y = BN_new())
+ || !TEST_ptr(z = BN_new())
+- || !TEST_ptr(yplusone = BN_new())
+- || !TEST_true(BN_hex2bn(&x, "D"))
+- || !TEST_true(EC_POINT_set_compressed_coordinates(group, Q, x, 1, ctx)))
+- goto err;
+-
+- if (!TEST_int_gt(EC_POINT_is_on_curve(group, Q, ctx), 0)) {
+- if (!TEST_true(EC_POINT_get_affine_coordinates(group, Q, x, y, ctx)))
+- goto err;
+- TEST_info("Point is not on curve");
+- test_output_bignum("x", x);
+- test_output_bignum("y", y);
+- goto err;
+- }
+-
+- TEST_note("A cyclic subgroup:");
+- k = 100;
+- do {
+- if (!TEST_int_ne(k--, 0))
+- goto err;
+-
+- if (EC_POINT_is_at_infinity(group, P)) {
+- TEST_note(" point at infinity");
+- } else {
+- if (!TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y,
+- ctx)))
+- goto err;
+-
+- test_output_bignum("x", x);
+- test_output_bignum("y", y);
+- }
+-
+- if (!TEST_true(EC_POINT_copy(R, P))
+- || !TEST_true(EC_POINT_add(group, P, P, Q, ctx)))
+- goto err;
+-
+- } while (!EC_POINT_is_at_infinity(group, P));
+-
+- if (!TEST_true(EC_POINT_add(group, P, Q, R, ctx))
+- || !TEST_true(EC_POINT_is_at_infinity(group, P)))
+- goto err;
+-
+- len =
+- EC_POINT_point2oct(group, Q, POINT_CONVERSION_COMPRESSED, buf,
+- sizeof(buf), ctx);
+- if (!TEST_size_t_ne(len, 0)
+- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
+- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
+- goto err;
+- test_output_memory("Generator as octet string, compressed form:",
+- buf, len);
+-
+- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_UNCOMPRESSED,
+- buf, sizeof(buf), ctx);
+- if (!TEST_size_t_ne(len, 0)
+- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
+- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
+- goto err;
+- test_output_memory("Generator as octet string, uncompressed form:",
+- buf, len);
+-
+- len = EC_POINT_point2oct(group, Q, POINT_CONVERSION_HYBRID,
+- buf, sizeof(buf), ctx);
+- if (!TEST_size_t_ne(len, 0)
+- || !TEST_true(EC_POINT_oct2point(group, P, buf, len, ctx))
+- || !TEST_int_eq(0, EC_POINT_cmp(group, P, Q, ctx)))
+- goto err;
+- test_output_memory("Generator as octet string, hybrid form:",
+- buf, len);
+-
+- if (!TEST_true(EC_POINT_invert(group, P, ctx))
+- || !TEST_int_eq(0, EC_POINT_cmp(group, P, R, ctx))
+-
+- /*
+- * Curve secp160r1 (Certicom Research SEC 2 Version 1.0, section 2.4.2,
+- * 2000) -- not a NIST curve, but commonly used
+- */
+-
+- || !TEST_true(BN_hex2bn(&p, "FFFFFFFF"
+- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF"))
+- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+- || !TEST_true(BN_hex2bn(&a, "FFFFFFFF"
+- "FFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC"))
+- || !TEST_true(BN_hex2bn(&b, "1C97BEFC"
+- "54BD7A8B65ACF89F81D4D4ADC565FA45"))
+- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
+- || !TEST_true(BN_hex2bn(&x, "4A96B568"
+- "8EF573284664698968C38BB913CBFC82"))
+- || !TEST_true(BN_hex2bn(&y, "23a62855"
+- "3168947d59dcc912042351377ac5fb32"))
+- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
+- /*
+- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+- * and therefore setting the coordinates should fail.
+- */
+- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
+- ctx))
+- || !TEST_true(EC_POINT_set_affine_coordinates(group, P, x, y, ctx))
+- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
+- || !TEST_true(BN_hex2bn(&z, "0100000000"
+- "000000000001F4C8F927AED3CA752257"))
+- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
+- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
+- goto err;
+- TEST_info("SEC2 curve secp160r1 -- Generator");
+- test_output_bignum("x", x);
+- test_output_bignum("y", y);
+- /* G_y value taken from the standard: */
+- if (!TEST_true(BN_hex2bn(&z, "23a62855"
+- "3168947d59dcc912042351377ac5fb32"))
+- || !TEST_BN_eq(y, z)
+- || !TEST_int_eq(EC_GROUP_get_degree(group), 160)
+- || !group_order_tests(group)
+-
+- /* Curve P-192 (FIPS PUB 186-2, App. 6) */
+-
+- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFF"
+- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF"))
+- || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+- || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFF"
+- "FFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC"))
+- || !TEST_true(BN_hex2bn(&b, "64210519E59C80E7"
+- "0FA7E9AB72243049FEB8DEECC146B9B1"))
+- || !TEST_true(EC_GROUP_set_curve(group, p, a, b, ctx))
+- || !TEST_true(BN_hex2bn(&x, "188DA80EB03090F6"
+- "7CBF20EB43A18800F4FF0AFD82FF1012"))
+- || !TEST_true(EC_POINT_set_compressed_coordinates(group, P, x, 1, ctx))
+- || !TEST_int_gt(EC_POINT_is_on_curve(group, P, ctx), 0)
+- || !TEST_true(BN_hex2bn(&z, "FFFFFFFFFFFFFFFF"
+- "FFFFFFFF99DEF836146BC9B1B4D22831"))
+- || !TEST_true(EC_GROUP_set_generator(group, P, z, BN_value_one()))
+- || !TEST_true(EC_POINT_get_affine_coordinates(group, P, x, y, ctx)))
++ || !TEST_ptr(yplusone = BN_new()))
+ goto err;
+
+- TEST_info("NIST curve P-192 -- Generator");
+- test_output_bignum("x", x);
+- test_output_bignum("y", y);
+- /* G_y value taken from the standard: */
+- if (!TEST_true(BN_hex2bn(&z, "07192B95FFC8DA78"
+- "631011ED6B24CDD573F977A11E794811"))
+- || !TEST_BN_eq(y, z)
+- || !TEST_true(BN_add(yplusone, y, BN_value_one()))
+- /*
+- * When (x, y) is on the curve, (x, y + 1) is, as it happens, not,
+- * and therefore setting the coordinates should fail.
+- */
+- || !TEST_false(EC_POINT_set_affine_coordinates(group, P, x, yplusone,
+- ctx))
+- || !TEST_int_eq(EC_GROUP_get_degree(group), 192)
+- || !group_order_tests(group)
+-
+ /* Curve P-224 (FIPS PUB 186-2, App. 6) */
+
+- || !TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
++ if (!TEST_true(BN_hex2bn(&p, "FFFFFFFFFFFFFFFFFFFFFFFF"
+ "FFFFFFFF000000000000000000000001"))
+ || !TEST_int_eq(1, BN_check_prime(p, ctx, NULL))
+ || !TEST_true(BN_hex2bn(&a, "FFFFFFFFFFFFFFFFFFFFFFFF"
+@@ -3128,7 +2970,7 @@ int setup_tests(void)
+
+ ADD_TEST(parameter_test);
+ ADD_TEST(ossl_parameter_test);
+- ADD_TEST(cofactor_range_test);
++ /* ADD_TEST(cofactor_range_test); */
+ ADD_ALL_TESTS(cardinality_test, crv_len);
+ ADD_TEST(prime_field_tests);
+ #ifndef OPENSSL_NO_EC2M
+diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t
+index 4d5090fa39..0a90a602d8 100644
+--- a/test/recipes/15-test_genec.t
++++ b/test/recipes/15-test_genec.t
+@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupported in a no-ec build"
+ if disabled("ec");
+
+ my @prime_curves = qw(
+- secp112r1
+- secp112r2
+- secp128r1
+- secp128r2
+- secp160k1
+- secp160r1
+- secp160r2
+- secp192k1
+- secp224k1
+ secp224r1
+ secp256k1
+ secp384r1
+ secp521r1
+- prime192v1
+- prime192v2
+- prime192v3
+- prime239v1
+- prime239v2
+- prime239v3
+ prime256v1
+- wap-wsg-idm-ecid-wtls6
+- wap-wsg-idm-ecid-wtls7
+- wap-wsg-idm-ecid-wtls8
+- wap-wsg-idm-ecid-wtls9
+- wap-wsg-idm-ecid-wtls12
+- brainpoolP160r1
+- brainpoolP160t1
+- brainpoolP192r1
+- brainpoolP192t1
+- brainpoolP224r1
+- brainpoolP224t1
+ brainpoolP256r1
+ brainpoolP256t1
+ brainpoolP320r1
+@@ -136,7 +110,6 @@ push(@other_curves, 'SM2')
+ if !disabled("sm2");
+
+ my @curve_aliases = qw(
+- P-192
+ P-224
+ P-256
+ P-384
+--
+2.48.1
+
diff --git a/0011-Remove-EC-curves.patch b/0011-Remove-EC-curves.patch
deleted file mode 100644
index 561714e..0000000
--- a/0011-Remove-EC-curves.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-From 4a275f852b61238161c053774736dc07b3ade200 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 11:46:40 +0200
-Subject: [PATCH 11/48] 0011-Remove-EC-curves.patch
-
-Patch-name: 0011-Remove-EC-curves.patch
-Patch-id: 11
-Patch-status: |
- # remove unsupported EC curves
----
- apps/speed.c | 8 +---
- crypto/evp/ec_support.c | 87 ------------------------------------
- test/acvp_test.inc | 9 ----
- test/ecdsatest.h | 17 -------
- test/recipes/15-test_genec.t | 27 -----------
- 5 files changed, 1 insertion(+), 147 deletions(-)
-
-diff --git a/apps/speed.c b/apps/speed.c
-index cace25eda1..d527f12f18 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -385,7 +385,7 @@ static double ffdh_results[FFDH_NUM][1]; /* 1 op: derivation */
- #endif /* OPENSSL_NO_DH */
-
- enum ec_curves_t {
-- R_EC_P160, R_EC_P192, R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
-+ R_EC_P224, R_EC_P256, R_EC_P384, R_EC_P521,
- #ifndef OPENSSL_NO_EC2M
- R_EC_K163, R_EC_K233, R_EC_K283, R_EC_K409, R_EC_K571,
- R_EC_B163, R_EC_B233, R_EC_B283, R_EC_B409, R_EC_B571,
-@@ -395,8 +395,6 @@ enum ec_curves_t {
- };
- /* list of ecdsa curves */
- static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
-- {"ecdsap160", R_EC_P160},
-- {"ecdsap192", R_EC_P192},
- {"ecdsap224", R_EC_P224},
- {"ecdsap256", R_EC_P256},
- {"ecdsap384", R_EC_P384},
-@@ -423,8 +421,6 @@ static const OPT_PAIR ecdsa_choices[ECDSA_NUM] = {
- };
- /* list of ecdh curves, extension of |ecdsa_choices| list above */
- static const OPT_PAIR ecdh_choices[EC_NUM] = {
-- {"ecdhp160", R_EC_P160},
-- {"ecdhp192", R_EC_P192},
- {"ecdhp224", R_EC_P224},
- {"ecdhp256", R_EC_P256},
- {"ecdhp384", R_EC_P384},
-@@ -1442,8 +1438,6 @@ int speed_main(int argc, char **argv)
- */
- static const EC_CURVE ec_curves[EC_NUM] = {
- /* Prime Curves */
-- {"secp160r1", NID_secp160r1, 160},
-- {"nistp192", NID_X9_62_prime192v1, 192},
- {"nistp224", NID_secp224r1, 224},
- {"nistp256", NID_X9_62_prime256v1, 256},
- {"nistp384", NID_secp384r1, 384},
-diff --git a/crypto/evp/ec_support.c b/crypto/evp/ec_support.c
-index 1ec10143d2..82b95294b4 100644
---- a/crypto/evp/ec_support.c
-+++ b/crypto/evp/ec_support.c
-@@ -20,89 +20,15 @@ typedef struct ec_name2nid_st {
- static const EC_NAME2NID curve_list[] = {
- /* prime field curves */
- /* secg curves */
-- {"secp112r1", NID_secp112r1 },
-- {"secp112r2", NID_secp112r2 },
-- {"secp128r1", NID_secp128r1 },
-- {"secp128r2", NID_secp128r2 },
-- {"secp160k1", NID_secp160k1 },
-- {"secp160r1", NID_secp160r1 },
-- {"secp160r2", NID_secp160r2 },
-- {"secp192k1", NID_secp192k1 },
-- {"secp224k1", NID_secp224k1 },
- {"secp224r1", NID_secp224r1 },
- {"secp256k1", NID_secp256k1 },
- {"secp384r1", NID_secp384r1 },
- {"secp521r1", NID_secp521r1 },
- /* X9.62 curves */
-- {"prime192v1", NID_X9_62_prime192v1 },
-- {"prime192v2", NID_X9_62_prime192v2 },
-- {"prime192v3", NID_X9_62_prime192v3 },
-- {"prime239v1", NID_X9_62_prime239v1 },
-- {"prime239v2", NID_X9_62_prime239v2 },
-- {"prime239v3", NID_X9_62_prime239v3 },
- {"prime256v1", NID_X9_62_prime256v1 },
- /* characteristic two field curves */
- /* NIST/SECG curves */
-- {"sect113r1", NID_sect113r1 },
-- {"sect113r2", NID_sect113r2 },
-- {"sect131r1", NID_sect131r1 },
-- {"sect131r2", NID_sect131r2 },
-- {"sect163k1", NID_sect163k1 },
-- {"sect163r1", NID_sect163r1 },
-- {"sect163r2", NID_sect163r2 },
-- {"sect193r1", NID_sect193r1 },
-- {"sect193r2", NID_sect193r2 },
-- {"sect233k1", NID_sect233k1 },
-- {"sect233r1", NID_sect233r1 },
-- {"sect239k1", NID_sect239k1 },
-- {"sect283k1", NID_sect283k1 },
-- {"sect283r1", NID_sect283r1 },
-- {"sect409k1", NID_sect409k1 },
-- {"sect409r1", NID_sect409r1 },
-- {"sect571k1", NID_sect571k1 },
-- {"sect571r1", NID_sect571r1 },
-- /* X9.62 curves */
-- {"c2pnb163v1", NID_X9_62_c2pnb163v1 },
-- {"c2pnb163v2", NID_X9_62_c2pnb163v2 },
-- {"c2pnb163v3", NID_X9_62_c2pnb163v3 },
-- {"c2pnb176v1", NID_X9_62_c2pnb176v1 },
-- {"c2tnb191v1", NID_X9_62_c2tnb191v1 },
-- {"c2tnb191v2", NID_X9_62_c2tnb191v2 },
-- {"c2tnb191v3", NID_X9_62_c2tnb191v3 },
-- {"c2pnb208w1", NID_X9_62_c2pnb208w1 },
-- {"c2tnb239v1", NID_X9_62_c2tnb239v1 },
-- {"c2tnb239v2", NID_X9_62_c2tnb239v2 },
-- {"c2tnb239v3", NID_X9_62_c2tnb239v3 },
-- {"c2pnb272w1", NID_X9_62_c2pnb272w1 },
-- {"c2pnb304w1", NID_X9_62_c2pnb304w1 },
-- {"c2tnb359v1", NID_X9_62_c2tnb359v1 },
-- {"c2pnb368w1", NID_X9_62_c2pnb368w1 },
-- {"c2tnb431r1", NID_X9_62_c2tnb431r1 },
-- /*
-- * the WAP/WTLS curves [unlike SECG, spec has its own OIDs for curves
-- * from X9.62]
-- */
-- {"wap-wsg-idm-ecid-wtls1", NID_wap_wsg_idm_ecid_wtls1 },
-- {"wap-wsg-idm-ecid-wtls3", NID_wap_wsg_idm_ecid_wtls3 },
-- {"wap-wsg-idm-ecid-wtls4", NID_wap_wsg_idm_ecid_wtls4 },
-- {"wap-wsg-idm-ecid-wtls5", NID_wap_wsg_idm_ecid_wtls5 },
-- {"wap-wsg-idm-ecid-wtls6", NID_wap_wsg_idm_ecid_wtls6 },
-- {"wap-wsg-idm-ecid-wtls7", NID_wap_wsg_idm_ecid_wtls7 },
-- {"wap-wsg-idm-ecid-wtls8", NID_wap_wsg_idm_ecid_wtls8 },
-- {"wap-wsg-idm-ecid-wtls9", NID_wap_wsg_idm_ecid_wtls9 },
-- {"wap-wsg-idm-ecid-wtls10", NID_wap_wsg_idm_ecid_wtls10 },
-- {"wap-wsg-idm-ecid-wtls11", NID_wap_wsg_idm_ecid_wtls11 },
-- {"wap-wsg-idm-ecid-wtls12", NID_wap_wsg_idm_ecid_wtls12 },
-- /* IPSec curves */
-- {"Oakley-EC2N-3", NID_ipsec3 },
-- {"Oakley-EC2N-4", NID_ipsec4 },
- /* brainpool curves */
-- {"brainpoolP160r1", NID_brainpoolP160r1 },
-- {"brainpoolP160t1", NID_brainpoolP160t1 },
-- {"brainpoolP192r1", NID_brainpoolP192r1 },
-- {"brainpoolP192t1", NID_brainpoolP192t1 },
-- {"brainpoolP224r1", NID_brainpoolP224r1 },
-- {"brainpoolP224t1", NID_brainpoolP224t1 },
- {"brainpoolP256r1", NID_brainpoolP256r1 },
- {"brainpoolP256t1", NID_brainpoolP256t1 },
- {"brainpoolP320r1", NID_brainpoolP320r1 },
-@@ -111,8 +37,6 @@ static const EC_NAME2NID curve_list[] = {
- {"brainpoolP384t1", NID_brainpoolP384t1 },
- {"brainpoolP512r1", NID_brainpoolP512r1 },
- {"brainpoolP512t1", NID_brainpoolP512t1 },
-- /* SM2 curve */
-- {"SM2", NID_sm2 },
- };
-
- const char *OSSL_EC_curve_nid2name(int nid)
-@@ -150,17 +74,6 @@ int ossl_ec_curve_name2nid(const char *name)
- /* Functions to translate between common NIST curve names and NIDs */
-
- static const EC_NAME2NID nist_curves[] = {
-- {"B-163", NID_sect163r2},
-- {"B-233", NID_sect233r1},
-- {"B-283", NID_sect283r1},
-- {"B-409", NID_sect409r1},
-- {"B-571", NID_sect571r1},
-- {"K-163", NID_sect163k1},
-- {"K-233", NID_sect233k1},
-- {"K-283", NID_sect283k1},
-- {"K-409", NID_sect409k1},
-- {"K-571", NID_sect571k1},
-- {"P-192", NID_X9_62_prime192v1},
- {"P-224", NID_secp224r1},
- {"P-256", NID_X9_62_prime256v1},
- {"P-384", NID_secp384r1},
-diff --git a/test/acvp_test.inc b/test/acvp_test.inc
-index ad11d3ae1e..894a0bff9d 100644
---- a/test/acvp_test.inc
-+++ b/test/acvp_test.inc
-@@ -211,15 +211,6 @@ static const unsigned char ecdsa_sigver_s1[] = {
- 0xB1, 0xAC,
- };
- static const struct ecdsa_sigver_st ecdsa_sigver_data[] = {
-- {
-- "SHA-1",
-- "P-192",
-- ITM(ecdsa_sigver_msg0),
-- ITM(ecdsa_sigver_pub0),
-- ITM(ecdsa_sigver_r0),
-- ITM(ecdsa_sigver_s0),
-- PASS,
-- },
- {
- "SHA2-512",
- "P-521",
-diff --git a/test/ecdsatest.h b/test/ecdsatest.h
-index 63fe319025..06b5c0aac5 100644
---- a/test/ecdsatest.h
-+++ b/test/ecdsatest.h
-@@ -32,23 +32,6 @@ typedef struct {
- } ecdsa_cavs_kat_t;
-
- static const ecdsa_cavs_kat_t ecdsa_cavs_kats[] = {
-- /* prime KATs from X9.62 */
-- {NID_X9_62_prime192v1, NID_sha1,
-- "616263", /* "abc" */
-- "1a8d598fc15bf0fd89030b5cb1111aeb92ae8baf5ea475fb",
-- "0462b12d60690cdcf330babab6e69763b471f994dd702d16a563bf5ec08069705ffff65e"
-- "5ca5c0d69716dfcb3474373902",
-- "fa6de29746bbeb7f8bb1e761f85f7dfb2983169d82fa2f4e",
-- "885052380ff147b734c330c43d39b2c4a89f29b0f749fead",
-- "e9ecc78106def82bf1070cf1d4d804c3cb390046951df686"},
-- {NID_X9_62_prime239v1, NID_sha1,
-- "616263", /* "abc" */
-- "7ef7c6fabefffdea864206e80b0b08a9331ed93e698561b64ca0f7777f3d",
-- "045b6dc53bc61a2548ffb0f671472de6c9521a9d2d2534e65abfcbd5fe0c707fd9f1ed2e"
-- "65f09f6ce0893baf5e8e31e6ae82ea8c3592335be906d38dee",
-- "656c7196bf87dcc5d1f1020906df2782360d36b2de7a17ece37d503784af",
-- "2cb7f36803ebb9c427c58d8265f11fc5084747133078fc279de874fbecb0",
-- "2eeae988104e9c2234a3c2beb1f53bfa5dc11ff36a875d1e3ccb1f7e45cf"},
- /* prime KATs from NIST CAVP */
- {NID_secp224r1, NID_sha224,
- "699325d6fc8fbbb4981a6ded3c3a54ad2e4e3db8a5669201912064c64e700c139248cdc1"
-diff --git a/test/recipes/15-test_genec.t b/test/recipes/15-test_genec.t
-index 2dfed387ca..c733b68f83 100644
---- a/test/recipes/15-test_genec.t
-+++ b/test/recipes/15-test_genec.t
-@@ -41,37 +41,11 @@ plan skip_all => "This test is unsupported in a no-ec build"
- if disabled("ec");
-
- my @prime_curves = qw(
-- secp112r1
-- secp112r2
-- secp128r1
-- secp128r2
-- secp160k1
-- secp160r1
-- secp160r2
-- secp192k1
-- secp224k1
- secp224r1
- secp256k1
- secp384r1
- secp521r1
-- prime192v1
-- prime192v2
-- prime192v3
-- prime239v1
-- prime239v2
-- prime239v3
- prime256v1
-- wap-wsg-idm-ecid-wtls6
-- wap-wsg-idm-ecid-wtls7
-- wap-wsg-idm-ecid-wtls8
-- wap-wsg-idm-ecid-wtls9
-- wap-wsg-idm-ecid-wtls12
-- brainpoolP160r1
-- brainpoolP160t1
-- brainpoolP192r1
-- brainpoolP192t1
-- brainpoolP224r1
-- brainpoolP224t1
- brainpoolP256r1
- brainpoolP256t1
- brainpoolP320r1
-@@ -136,7 +110,6 @@ push(@other_curves, 'SM2')
- if !disabled("sm2");
-
- my @curve_aliases = qw(
-- P-192
- P-224
- P-256
- P-384
---
-2.41.0
-
diff --git a/0012-Disable-explicit-ec.patch b/0012-Disable-explicit-ec.patch
deleted file mode 100644
index 9b86309..0000000
--- a/0012-Disable-explicit-ec.patch
+++ /dev/null
@@ -1,235 +0,0 @@
-From 91bdd9b816b22bc1464ec323f3272b866b24114d Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
-Subject: [PATCH 12/35] 0012-Disable-explicit-ec.patch
-
-Patch-name: 0012-Disable-explicit-ec.patch
-Patch-id: 12
-Patch-status: |
- # Disable explicit EC curves
- # https://bugzilla.redhat.com/show_bug.cgi?id=2066412
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
----
- crypto/ec/ec_asn1.c | 11 ++++++++++
- crypto/ec/ec_lib.c | 6 +++++
- test/ectest.c | 22 ++++++++++---------
- test/endecode_test.c | 20 ++++++++---------
- .../30-test_evp_data/evppkey_ecdsa.txt | 12 ----------
- 5 files changed, 39 insertions(+), 32 deletions(-)
-
-diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
-index 7a0b35a594..d19d57344e 100644
---- a/crypto/ec/ec_asn1.c
-+++ b/crypto/ec/ec_asn1.c
-@@ -905,6 +905,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
- if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
- group->decoded_from_explicit_params = 1;
-
-+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
-+ EC_GROUP_free(group);
-+ ECPKPARAMETERS_free(params);
-+ return NULL;
-+ }
-+
- if (a) {
- EC_GROUP_free(*a);
- *a = group;
-@@ -964,6 +970,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
- goto err;
- }
-
-+ if (EC_GROUP_check_named_curve(ret->group, 0, NULL) == NID_undef) {
-+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
-+ goto err;
-+ }
-+
- ret->version = priv_key->version;
-
- if (priv_key->privateKey) {
-diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
-index a84e088c19..6c37bf78ae 100644
---- a/crypto/ec/ec_lib.c
-+++ b/crypto/ec/ec_lib.c
-@@ -1724,6 +1724,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
- goto err;
- }
- if (named_group == group) {
-+ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
-+ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
-+ goto err;
-+ }
-+#if 0
- /*
- * If we did not find a named group then the encoding should be explicit
- * if it was specified
-@@ -1739,6 +1744,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
- goto err;
- }
- EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
-+#endif
- } else {
- EC_GROUP_free(group);
- group = named_group;
-diff --git a/test/ectest.c b/test/ectest.c
-index 4890b0555e..e11aec5b3b 100644
---- a/test/ectest.c
-+++ b/test/ectest.c
-@@ -2301,10 +2301,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
- if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
- || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
- || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
-- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam,
-+ || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam,
- EVP_PKEY_KEY_PARAMETERS, params), 0))
- goto err;
--
-+/* As creating the key should fail, the rest of the test is pointless */
-+# if 0
- /*- Check that all the set values are retrievable -*/
-
- /* There should be no match to a group name since the generator changed */
-@@ -2433,6 +2434,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
- #endif
- )
- goto err;
-+#endif
- ret = 1;
- err:
- BN_free(order_out);
-@@ -2714,21 +2716,21 @@ static int custom_params_test(int id)
-
- /* Compute keyexchange in both directions */
- if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
-- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
-- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
-+ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0)
-+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
- || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1)
- || !TEST_int_gt(bsize, sslen)
-- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1))
-+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/)
- goto err;
- if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL))
-- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1)
-- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
-+ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)
-+/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
- || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1)
- || !TEST_int_gt(bsize, t)
- || !TEST_int_le(sslen, t)
-- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1))
-+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */)
- goto err;
--
-+#if 0
- /* Both sides should expect the same shared secret */
- if (!TEST_mem_eq(buf1, sslen, buf2, t))
- goto err;
-@@ -2780,7 +2782,7 @@ static int custom_params_test(int id)
- /* compare with previous result */
- || !TEST_mem_eq(buf1, t, buf2, sslen))
- goto err;
--
-+#endif
- ret = 1;
-
- err:
-diff --git a/test/endecode_test.c b/test/endecode_test.c
-index 14648287eb..9a437d8c64 100644
---- a/test/endecode_test.c
-+++ b/test/endecode_test.c
-@@ -62,7 +62,7 @@ static BN_CTX *bnctx = NULL;
- static OSSL_PARAM_BLD *bld_prime_nc = NULL;
- static OSSL_PARAM_BLD *bld_prime = NULL;
- static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
--static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
-+/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
-
- # ifndef OPENSSL_NO_EC2M
- static OSSL_PARAM_BLD *bld_tri_nc = NULL;
-@@ -1009,9 +1009,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
- DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
- IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
- IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
--DOMAIN_KEYS(ECExplicitPrime2G);
--IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
--IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
-+/*DOMAIN_KEYS(ECExplicitPrime2G);*/
-+/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
-+/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
- # ifndef OPENSSL_NO_EC2M
- DOMAIN_KEYS(ECExplicitTriNamedCurve);
- IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
-@@ -1352,7 +1352,7 @@ int setup_tests(void)
- || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
- || !create_ec_explicit_prime_params(bld_prime)
- || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
-- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
-+/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
- # ifndef OPENSSL_NO_EC2M
- || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
- || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
-@@ -1380,7 +1380,7 @@ int setup_tests(void)
- TEST_info("Generating EC keys...");
- MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
- MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
-- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
-+/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
- # ifndef OPENSSL_NO_EC2M
- MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
- MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
-@@ -1423,8 +1423,8 @@ int setup_tests(void)
- ADD_TEST_SUITE_LEGACY(EC);
- ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
- ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
-- ADD_TEST_SUITE(ECExplicitPrime2G);
-- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
-+/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
-+/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
- # ifndef OPENSSL_NO_EC2M
- ADD_TEST_SUITE(ECExplicitTriNamedCurve);
- ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
-@@ -1461,7 +1461,7 @@ void cleanup_tests(void)
- {
- #ifndef OPENSSL_NO_EC
- OSSL_PARAM_free(ec_explicit_prime_params_nc);
-- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
-+/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
- OSSL_PARAM_BLD_free(bld_prime_nc);
- OSSL_PARAM_BLD_free(bld_prime);
- # ifndef OPENSSL_NO_EC2M
-@@ -1483,7 +1483,7 @@ void cleanup_tests(void)
- #ifndef OPENSSL_NO_EC
- FREE_DOMAIN_KEYS(EC);
- FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
-- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
-+/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
- # ifndef OPENSSL_NO_EC2M
- FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
- FREE_DOMAIN_KEYS(ECExplicitTri2G);
-diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
-index ec3c032aba..584ecee0eb 100644
---- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
-+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
-@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
- 3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
- -----END PRIVATE KEY-----
-
--PrivateKey = EC_EXPLICIT
-------BEGIN PRIVATE KEY-----
--MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
--AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
--///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
--AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
--l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
--AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
--OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
--46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
-------END PRIVATE KEY-----
--
- PrivateKey = B-163
- -----BEGIN PRIVATE KEY-----
- MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
---
-2.41.0
-
diff --git a/0012-RH-Disable-explicit-ec-curves.patch b/0012-RH-Disable-explicit-ec-curves.patch
new file mode 100644
index 0000000..d1533f0
--- /dev/null
+++ b/0012-RH-Disable-explicit-ec-curves.patch
@@ -0,0 +1,235 @@
+From 8b49902cbf9a4bfdd651d894b0a32e90e5eebd45 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 12/49] RH: Disable explicit ec curves
+
+Patch-name: 0012-Disable-explicit-ec.patch
+Patch-id: 12
+Patch-status: |
+ # # Disable explicit EC curves
+ # # https://bugzilla.redhat.com/show_bug.cgi?id=2066412
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ crypto/ec/ec_asn1.c | 11 ++++++++++
+ crypto/ec/ec_lib.c | 6 +++++
+ test/ectest.c | 22 ++++++++++---------
+ test/endecode_test.c | 20 ++++++++---------
+ .../30-test_evp_data/evppkey_ecdsa.txt | 12 ----------
+ 5 files changed, 39 insertions(+), 32 deletions(-)
+
+diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c
+index 643d2d8d7b..5895606176 100644
+--- a/crypto/ec/ec_asn1.c
++++ b/crypto/ec/ec_asn1.c
+@@ -901,6 +901,12 @@ EC_GROUP *d2i_ECPKParameters(EC_GROUP **a, const unsigned char **in, long len)
+ if (params->type == ECPKPARAMETERS_TYPE_EXPLICIT)
+ group->decoded_from_explicit_params = 1;
+
++ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
++ EC_GROUP_free(group);
++ ECPKPARAMETERS_free(params);
++ return NULL;
++ }
++
+ if (a) {
+ EC_GROUP_free(*a);
+ *a = group;
+@@ -960,6 +966,11 @@ EC_KEY *d2i_ECPrivateKey(EC_KEY **a, const unsigned char **in, long len)
+ goto err;
+ }
+
++ if (EC_GROUP_check_named_curve(ret->group, 0, NULL) == NID_undef) {
++ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
++ goto err;
++ }
++
+ ret->version = priv_key->version;
+
+ if (priv_key->privateKey) {
+diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
+index b55677fb1f..dcfdef408e 100644
+--- a/crypto/ec/ec_lib.c
++++ b/crypto/ec/ec_lib.c
+@@ -1728,6 +1728,11 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
+ goto err;
+ }
+ if (named_group == group) {
++ if (EC_GROUP_check_named_curve(group, 0, NULL) == NID_undef) {
++ ERR_raise(ERR_LIB_EC, EC_R_UNKNOWN_GROUP);
++ goto err;
++ }
++#if 0
+ /*
+ * If we did not find a named group then the encoding should be explicit
+ * if it was specified
+@@ -1743,6 +1748,7 @@ EC_GROUP *EC_GROUP_new_from_params(const OSSL_PARAM params[],
+ goto err;
+ }
+ EC_GROUP_set_asn1_flag(group, OPENSSL_EC_EXPLICIT_CURVE);
++#endif
+ } else {
+ EC_GROUP_free(group);
+ group = named_group;
+diff --git a/test/ectest.c b/test/ectest.c
+index 0ddbba3b98..f736d13feb 100644
+--- a/test/ectest.c
++++ b/test/ectest.c
+@@ -2413,10 +2413,11 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
+ if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
+ || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL))
+ || !TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
+- || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkeyparam,
++ || !TEST_int_le(EVP_PKEY_fromdata(pctx, &pkeyparam,
+ EVP_PKEY_KEY_PARAMETERS, params), 0))
+ goto err;
+-
++/* As creating the key should fail, the rest of the test is pointless */
++# if 0
+ /*- Check that all the set values are retrievable -*/
+
+ /* There should be no match to a group name since the generator changed */
+@@ -2545,6 +2546,7 @@ static int do_test_custom_explicit_fromdata(EC_GROUP *group, BN_CTX *ctx,
+ #endif
+ )
+ goto err;
++#endif
+ ret = 1;
+ err:
+ BN_free(order_out);
+@@ -2826,21 +2828,21 @@ static int custom_params_test(int id)
+
+ /* Compute keyexchange in both directions */
+ if (!TEST_ptr(pctx1 = EVP_PKEY_CTX_new(pkey1, NULL))
+- || !TEST_int_eq(EVP_PKEY_derive_init(pctx1), 1)
+- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
++ || !TEST_int_le(EVP_PKEY_derive_init(pctx1), 0)
++/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx1, pkey2), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(pctx1, NULL, &sslen), 1)
+ || !TEST_int_gt(bsize, sslen)
+- || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1))
++ || !TEST_int_eq(EVP_PKEY_derive(pctx1, buf1, &sslen), 1)*/)
+ goto err;
+ if (!TEST_ptr(pctx2 = EVP_PKEY_CTX_new(pkey2, NULL))
+- || !TEST_int_eq(EVP_PKEY_derive_init(pctx2), 1)
+- || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
++ || !TEST_int_le(EVP_PKEY_derive_init(pctx2), 1)
++/* || !TEST_int_eq(EVP_PKEY_derive_set_peer(pctx2, pkey1), 1)
+ || !TEST_int_eq(EVP_PKEY_derive(pctx2, NULL, &t), 1)
+ || !TEST_int_gt(bsize, t)
+ || !TEST_int_le(sslen, t)
+- || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1))
++ || !TEST_int_eq(EVP_PKEY_derive(pctx2, buf2, &t), 1) */)
+ goto err;
+-
++#if 0
+ /* Both sides should expect the same shared secret */
+ if (!TEST_mem_eq(buf1, sslen, buf2, t))
+ goto err;
+@@ -2892,7 +2894,7 @@ static int custom_params_test(int id)
+ /* compare with previous result */
+ || !TEST_mem_eq(buf1, t, buf2, sslen))
+ goto err;
+-
++#endif
+ ret = 1;
+
+ err:
+diff --git a/test/endecode_test.c b/test/endecode_test.c
+index 028deb4ed1..85c84f6592 100644
+--- a/test/endecode_test.c
++++ b/test/endecode_test.c
+@@ -63,7 +63,7 @@ static BN_CTX *bnctx = NULL;
+ static OSSL_PARAM_BLD *bld_prime_nc = NULL;
+ static OSSL_PARAM_BLD *bld_prime = NULL;
+ static OSSL_PARAM *ec_explicit_prime_params_nc = NULL;
+-static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;
++/*static OSSL_PARAM *ec_explicit_prime_params_explicit = NULL;*/
+
+ # ifndef OPENSSL_NO_EC2M
+ static OSSL_PARAM_BLD *bld_tri_nc = NULL;
+@@ -1027,9 +1027,9 @@ IMPLEMENT_TEST_SUITE_LEGACY(EC, "EC")
+ DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
+ IMPLEMENT_TEST_SUITE(ECExplicitPrimeNamedCurve, "EC", 1)
+ IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve, "EC")
+-DOMAIN_KEYS(ECExplicitPrime2G);
+-IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)
+-IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")
++/*DOMAIN_KEYS(ECExplicitPrime2G);*/
++/*IMPLEMENT_TEST_SUITE(ECExplicitPrime2G, "EC", 0)*/
++/*IMPLEMENT_TEST_SUITE_LEGACY(ECExplicitPrime2G, "EC")*/
+ # ifndef OPENSSL_NO_EC2M
+ DOMAIN_KEYS(ECExplicitTriNamedCurve);
+ IMPLEMENT_TEST_SUITE(ECExplicitTriNamedCurve, "EC", 1)
+@@ -1445,7 +1445,7 @@ int setup_tests(void)
+ || !create_ec_explicit_prime_params_namedcurve(bld_prime_nc)
+ || !create_ec_explicit_prime_params(bld_prime)
+ || !TEST_ptr(ec_explicit_prime_params_nc = OSSL_PARAM_BLD_to_param(bld_prime_nc))
+- || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))
++/* || !TEST_ptr(ec_explicit_prime_params_explicit = OSSL_PARAM_BLD_to_param(bld_prime))*/
+ # ifndef OPENSSL_NO_EC2M
+ || !TEST_ptr(bld_tri_nc = OSSL_PARAM_BLD_new())
+ || !TEST_ptr(bld_tri = OSSL_PARAM_BLD_new())
+@@ -1473,7 +1473,7 @@ int setup_tests(void)
+ TEST_info("Generating EC keys...");
+ MAKE_DOMAIN_KEYS(EC, "EC", EC_params);
+ MAKE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve, "EC", ec_explicit_prime_params_nc);
+- MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);
++/* MAKE_DOMAIN_KEYS(ECExplicitPrime2G, "EC", ec_explicit_prime_params_explicit);*/
+ # ifndef OPENSSL_NO_EC2M
+ MAKE_DOMAIN_KEYS(ECExplicitTriNamedCurve, "EC", ec_explicit_tri_params_nc);
+ MAKE_DOMAIN_KEYS(ECExplicitTri2G, "EC", ec_explicit_tri_params_explicit);
+@@ -1553,8 +1553,8 @@ int setup_tests(void)
+ ADD_TEST_SUITE_LEGACY(EC);
+ ADD_TEST_SUITE(ECExplicitPrimeNamedCurve);
+ ADD_TEST_SUITE_LEGACY(ECExplicitPrimeNamedCurve);
+- ADD_TEST_SUITE(ECExplicitPrime2G);
+- ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);
++/* ADD_TEST_SUITE(ECExplicitPrime2G);*/
++/* ADD_TEST_SUITE_LEGACY(ECExplicitPrime2G);*/
+ # ifndef OPENSSL_NO_EC2M
+ ADD_TEST_SUITE(ECExplicitTriNamedCurve);
+ ADD_TEST_SUITE_LEGACY(ECExplicitTriNamedCurve);
+@@ -1631,7 +1631,7 @@ void cleanup_tests(void)
+ {
+ #ifndef OPENSSL_NO_EC
+ OSSL_PARAM_free(ec_explicit_prime_params_nc);
+- OSSL_PARAM_free(ec_explicit_prime_params_explicit);
++/* OSSL_PARAM_free(ec_explicit_prime_params_explicit);*/
+ OSSL_PARAM_BLD_free(bld_prime_nc);
+ OSSL_PARAM_BLD_free(bld_prime);
+ # ifndef OPENSSL_NO_EC2M
+@@ -1653,7 +1653,7 @@ void cleanup_tests(void)
+ #ifndef OPENSSL_NO_EC
+ FREE_DOMAIN_KEYS(EC);
+ FREE_DOMAIN_KEYS(ECExplicitPrimeNamedCurve);
+- FREE_DOMAIN_KEYS(ECExplicitPrime2G);
++/* FREE_DOMAIN_KEYS(ECExplicitPrime2G);*/
+ # ifndef OPENSSL_NO_EC2M
+ FREE_DOMAIN_KEYS(ECExplicitTriNamedCurve);
+ FREE_DOMAIN_KEYS(ECExplicitTri2G);
+diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+index 54b143bead..06ec905be0 100644
+--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+@@ -133,18 +133,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
+ 3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
+ -----END PRIVATE KEY-----
+
+-PrivateKey = EC_EXPLICIT
+------BEGIN PRIVATE KEY-----
+-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
+-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
+-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
+-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
+-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
+-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
+-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
+-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
+------END PRIVATE KEY-----
+-
+ PrivateKey = B-163
+ -----BEGIN PRIVATE KEY-----
+ MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
+--
+2.48.1
+
diff --git a/0013-RH-skipped-tests-EC-curves.patch b/0013-RH-skipped-tests-EC-curves.patch
new file mode 100644
index 0000000..abd98d3
--- /dev/null
+++ b/0013-RH-skipped-tests-EC-curves.patch
@@ -0,0 +1,82 @@
+From 3fa4431755e7f9666a54ca661b816da98cc2a112 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 13/49] RH: skipped tests EC curves
+
+Patch-name: 0013-skipped-tests-EC-curves.patch
+Patch-id: 13
+Patch-status: |
+ # # Skipped tests from former 0011-Remove-EC-curves.patch
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ test/recipes/15-test_ec.t | 2 +-
+ .../30-test_evp_data/evppkey_ecdsa_sigalg.txt | 12 ------------
+ test/recipes/65-test_cmp_protect.t | 2 +-
+ test/recipes/65-test_cmp_vfy.t | 2 +-
+ 4 files changed, 3 insertions(+), 15 deletions(-)
+
+diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
+index c953fad9f1..906769a12e 100644
+--- a/test/recipes/15-test_ec.t
++++ b/test/recipes/15-test_ec.t
+@@ -94,7 +94,7 @@ SKIP: {
+
+ subtest 'Check loading of fips and non-fips keys' => sub {
+ plan skip_all => "FIPS is disabled"
+- if $no_fips;
++ if 1; #Red Hat specific, original value is $no_fips;
+
+ plan tests => 2;
+
+diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt
+index 7c339c272b..0ff482e4e8 100644
+--- a/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt
++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa_sigalg.txt
+@@ -132,18 +132,6 @@ AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgiUTxtr5vLVjj
+ 3ev1gTwRBduzqqlwd54AUSgI+pjttW8zrWNitO8H1sf59MPWOESKxNtZ1+Nl
+ -----END PRIVATE KEY-----
+
+-PrivateKey = EC_EXPLICIT
+------BEGIN PRIVATE KEY-----
+-MIIBeQIBADCCAQMGByqGSM49AgEwgfcCAQEwLAYHKoZIzj0BAQIhAP////8AAAAB
+-AAAAAAAAAAAAAAAA////////////////MFsEIP////8AAAABAAAAAAAAAAAAAAAA
+-///////////////8BCBaxjXYqjqT57PrvVV2mIa8ZR0GsMxTsPY7zjw+J9JgSwMV
+-AMSdNgiG5wSTamZ44ROdJreBn36QBEEE5JcIvn36opqjEm/k59Al40rBAxWM2TPG
+-l0L13Je51zHpfXQ9Z2o7IQicMXP4wSfJ0qCgg2bgydqoxlYrlLGuVQIhAP////8A
+-AAAA//////////+85vqtpxeehPO5ysL8YyVRAgEBBG0wawIBAQQgec92jwduadCk
+-OjoNRI+YT5Be5TkzZXzYCyTLkMOikDmhRANCAATtECEhQbLEaiUj/Wu0qjcr81lL
+-46dx5zYgArz/iaSNJ3W80oO+F7v04jlQ7wxQzg96R0bwKiMeq5CcW9ZFt6xg
+------END PRIVATE KEY-----
+-
+ PrivateKey = B-163
+ -----BEGIN PRIVATE KEY-----
+ MGMCAQAwEAYHKoZIzj0CAQYFK4EEAA8ETDBKAgEBBBUDnQW0mLiHVha/jqFznX/K
+diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t
+index 92c91d8b88..294491fff4 100644
+--- a/test/recipes/65-test_cmp_protect.t
++++ b/test/recipes/65-test_cmp_protect.t
+@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
+ plan skip_all => "This test is not supported in a shared library build on Windows"
+ if $^O eq 'MSWin32' && !disabled("shared");
+
+-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
+
+ my @basic_cmd = ("cmp_protect_test",
+ data_file("prot_RSA.pem"),
+diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t
+index f722800e27..26a01786bb 100644
+--- a/test/recipes/65-test_cmp_vfy.t
++++ b/test/recipes/65-test_cmp_vfy.t
+@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
+ plan skip_all => "This test is not supported in a no-ec build"
+ if disabled("ec");
+
+-plan tests => 2 + ($no_fips ? 0 : 1); #fips test
++plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
+
+ my @basic_cmd = ("cmp_vfy_test",
+ data_file("server.crt"), data_file("client.crt"),
+--
+2.48.1
+
diff --git a/0013-skipped-tests-EC-curves.patch b/0013-skipped-tests-EC-curves.patch
deleted file mode 100644
index fc544c9..0000000
--- a/0013-skipped-tests-EC-curves.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 9ede2b1e13f72db37718853faff74b4429084d59 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
-Subject: [PATCH 13/35] 0013-skipped-tests-EC-curves.patch
-
-Patch-name: 0013-skipped-tests-EC-curves.patch
-Patch-id: 13
-Patch-status: |
- # Skipped tests from former 0011-Remove-EC-curves.patch
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
----
- test/recipes/15-test_ec.t | 2 +-
- test/recipes/65-test_cmp_protect.t | 2 +-
- test/recipes/65-test_cmp_vfy.t | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/test/recipes/15-test_ec.t b/test/recipes/15-test_ec.t
-index 0638d626e7..c0efd77649 100644
---- a/test/recipes/15-test_ec.t
-+++ b/test/recipes/15-test_ec.t
-@@ -90,7 +90,7 @@ subtest 'Ed448 conversions -- public key' => sub {
-
- subtest 'Check loading of fips and non-fips keys' => sub {
- plan skip_all => "FIPS is disabled"
-- if $no_fips;
-+ if 1; #Red Hat specific, original value is $no_fips;
-
- plan tests => 2;
-
-diff --git a/test/recipes/65-test_cmp_protect.t b/test/recipes/65-test_cmp_protect.t
-index 631603df7c..4cb2ffebbc 100644
---- a/test/recipes/65-test_cmp_protect.t
-+++ b/test/recipes/65-test_cmp_protect.t
-@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
- plan skip_all => "This test is not supported in a shared library build on Windows"
- if $^O eq 'MSWin32' && !disabled("shared");
-
--plan tests => 2 + ($no_fips ? 0 : 1); #fips test
-+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
-
- my @basic_cmd = ("cmp_protect_test",
- data_file("prot_RSA.pem"),
-diff --git a/test/recipes/65-test_cmp_vfy.t b/test/recipes/65-test_cmp_vfy.t
-index f722800e27..26a01786bb 100644
---- a/test/recipes/65-test_cmp_vfy.t
-+++ b/test/recipes/65-test_cmp_vfy.t
-@@ -27,7 +27,7 @@ plan skip_all => "This test is not supported in a no-cmp build"
- plan skip_all => "This test is not supported in a no-ec build"
- if disabled("ec");
-
--plan tests => 2 + ($no_fips ? 0 : 1); #fips test
-+plan skip_all => 2 + ($no_fips ? 0 : 1); #fips test
-
- my @basic_cmd = ("cmp_vfy_test",
- data_file("server.crt"), data_file("client.crt"),
---
-2.41.0
-
diff --git a/0014-RH-skip-quic-pairwise.patch b/0014-RH-skip-quic-pairwise.patch
new file mode 100644
index 0000000..9825213
--- /dev/null
+++ b/0014-RH-skip-quic-pairwise.patch
@@ -0,0 +1,86 @@
+From aadafb74ec4b3d25971c7210bb1fb6a545493c76 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <dbelyavs@redhat.com>
+Date: Thu, 7 Mar 2024 17:37:09 +0100
+Subject: [PATCH 14/49] RH: skip quic pairwise
+
+Patch-name: 0115-skip-quic-pairwise.patch
+Patch-id: 115
+Patch-status: |
+ # skip quic and pairwise tests temporarily
+---
+ test/quicapitest.c | 4 +++-
+ test/recipes/01-test_symbol_presence.t | 1 +
+ test/recipes/30-test_pairwise_fail.t | 10 ++++++++--
+ 3 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/test/quicapitest.c b/test/quicapitest.c
+index 4782479cc6..2b41b8259c 100644
+--- a/test/quicapitest.c
++++ b/test/quicapitest.c
+@@ -2729,7 +2729,9 @@ int setup_tests(void)
+ ADD_TEST(test_cipher_find);
+ ADD_TEST(test_version);
+ #if defined(DO_SSL_TRACE_TEST)
+- ADD_TEST(test_ssl_trace);
++ if (is_fips == 0) {
++ ADD_TEST(test_ssl_trace);
++ }
+ #endif
+ ADD_TEST(test_quic_forbidden_apis_ctx);
+ ADD_TEST(test_quic_forbidden_apis);
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+index 222b1886ae..7e2f65cccb 100644
+--- a/test/recipes/01-test_symbol_presence.t
++++ b/test/recipes/01-test_symbol_presence.t
+@@ -185,6 +185,7 @@ foreach (sort keys %stlibname) {
+ }
+ }
+ my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;
++@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates;
+ if (@duplicates) {
+ note "Duplicates:";
+ note join('\n', @duplicates);
+diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t
+index a101a26fb1..43e5396766 100644
+--- a/test/recipes/30-test_pairwise_fail.t
++++ b/test/recipes/30-test_pairwise_fail.t
+@@ -9,7 +9,7 @@
+ use strict;
+ use warnings;
+
+-use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file);
++use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file with);
+ use OpenSSL::Test::Utils;
+
+ BEGIN {
+@@ -39,20 +39,26 @@ SKIP: {
+ SKIP: {
+ skip "Skip EC test because of no ec in this build", 2
+ if disabled("ec");
++ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
++ sub {
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "ec"])),
+ "fips provider ec keygen pairwise failure test");
++ });
+
+ skip "FIPS provider version is too old", 1
+ if !$fips_exit;
++ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
++ sub {
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "eckat"])),
+ "fips provider ec keygen kat failure test");
++ });
+ }
+
+ SKIP: {
+ skip "Skip DSA tests because of no dsa in this build", 2
+- if disabled("dsa");
++ if 1; #if disabled("dsa");
+ ok(run(test(["pairwise_fail_test", "-config", $provconf,
+ "-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])),
+ "fips provider dsa keygen pairwise failure test");
+--
+2.48.1
+
diff --git a/0015-RH-version-aliasing.patch b/0015-RH-version-aliasing.patch
new file mode 100644
index 0000000..613ba84
--- /dev/null
+++ b/0015-RH-version-aliasing.patch
@@ -0,0 +1,83 @@
+From f8d0821f738ea56f42ea041bd685f67d9c539bcf Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 15/49] RH: version aliasing
+
+Patch-name: 0116-version-aliasing.patch
+Patch-id: 116
+Patch-status: |
+ # Add version aliasing due to
+ # https://github.com/openssl/openssl/issues/23534
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ crypto/evp/digest.c | 7 ++++++-
+ crypto/evp/evp_enc.c | 7 ++++++-
+ test/recipes/01-test_symbol_presence.t | 1 +
+ util/libcrypto.num | 2 ++
+ 4 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
+index 6fc201bcfe..3c80b9dfe1 100644
+--- a/crypto/evp/digest.c
++++ b/crypto/evp/digest.c
+@@ -572,7 +572,12 @@ int EVP_DigestSqueeze(EVP_MD_CTX *ctx, unsigned char *md, size_t size)
+ return ctx->digest->dsqueeze(ctx->algctx, md, &size, size);
+ }
+
+-EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in)
++EVP_MD_CTX
++#if !defined(FIPS_MODULE)
++__attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"),
++ symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0")))
++#endif
++*EVP_MD_CTX_dup(const EVP_MD_CTX *in)
+ {
+ EVP_MD_CTX *out = EVP_MD_CTX_new();
+
+diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
+index eee00a0780..7c51786515 100644
+--- a/crypto/evp/evp_enc.c
++++ b/crypto/evp/evp_enc.c
+@@ -1762,7 +1762,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
+ #endif /* FIPS_MODULE */
+ }
+
+-EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
++EVP_CIPHER_CTX
++#if !defined(FIPS_MODULE)
++__attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"),
++ symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0")))
++#endif
++*EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
+ {
+ EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new();
+
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+index 7e2f65cccb..cc947d4821 100644
+--- a/test/recipes/01-test_symbol_presence.t
++++ b/test/recipes/01-test_symbol_presence.t
+@@ -131,6 +131,7 @@ foreach (sort keys %stlibname) {
+ s| .*||;
+ # Drop OpenSSL dynamic version information if there is any
+ s|\@\@.+$||;
++ s|\@.+$||;
+ # Return the result
+ $_
+ }
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index d86007f719..28c4d27658 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5435,7 +5435,9 @@ X509_PUBKEY_set0_public_key 5562 3_2_0 EXIST::FUNCTION:
+ OSSL_STACK_OF_X509_free 5563 3_2_0 EXIST::FUNCTION:
+ OSSL_trace_string 5564 3_2_0 EXIST::FUNCTION:
+ EVP_MD_CTX_dup 5565 3_2_0 EXIST::FUNCTION:
++EVP_MD_CTX_dup ? 3_1_0 EXIST::FUNCTION:
+ EVP_CIPHER_CTX_dup 5566 3_2_0 EXIST::FUNCTION:
++EVP_CIPHER_CTX_dup ? 3_1_0 EXIST::FUNCTION:
+ BN_signed_bin2bn 5567 3_2_0 EXIST::FUNCTION:
+ BN_signed_bn2bin 5568 3_2_0 EXIST::FUNCTION:
+ BN_signed_lebin2bn 5569 3_2_0 EXIST::FUNCTION:
+--
+2.48.1
+
diff --git a/0016-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch b/0016-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
new file mode 100644
index 0000000..070fcca
--- /dev/null
+++ b/0016-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
@@ -0,0 +1,80 @@
+From bcd95116ca2f91f0934d72f3d77873b4d1f9df3d Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Thu, 13 Feb 2025 16:09:09 -0500
+Subject: [PATCH 16/49] RH: Export two symbols for OPENSSL_str[n]casecmp
+
+We accidentally exported the symbols with the incorrect verison number
+in an early version of RHEL-9 so we need to keep the wrong symbols for
+ABI backwards compatibility and the correct symbols to be compatible
+with upstream.
+---
+ crypto/o_str.c | 14 ++++++++++++--
+ test/recipes/01-test_symbol_presence.t | 2 +-
+ util/libcrypto.num | 2 ++
+ 3 files changed, 15 insertions(+), 3 deletions(-)
+ mode change 100644 => 100755 test/recipes/01-test_symbol_presence.t
+
+diff --git a/crypto/o_str.c b/crypto/o_str.c
+index 93af73561f..86442a939e 100644
+--- a/crypto/o_str.c
++++ b/crypto/o_str.c
+@@ -403,7 +403,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
+ #endif
+ }
+
+-int OPENSSL_strcasecmp(const char *s1, const char *s2)
++int
++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
++__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
++ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
++#endif
++OPENSSL_strcasecmp(const char *s1, const char *s2)
+ {
+ int t;
+
+@@ -413,7 +418,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2)
+ return t;
+ }
+
+-int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
++int
++#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
++__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
++ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
++#endif
++OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
+ {
+ int t;
+ size_t i;
+diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
+old mode 100644
+new mode 100755
+index cc947d4821..de2dcd90c2
+--- a/test/recipes/01-test_symbol_presence.t
++++ b/test/recipes/01-test_symbol_presence.t
+@@ -186,7 +186,7 @@ foreach (sort keys %stlibname) {
+ }
+ }
+ my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;
+-@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates;
++@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") && ($_ ne "OPENSSL_strcasecmp") && ($_ ne "OPENSSL_strncasecmp")} @duplicates;
+ if (@duplicates) {
+ note "Duplicates:";
+ note join('\n', @duplicates);
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index 28c4d27658..73cebdf360 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5426,7 +5426,9 @@ ASN1_TIME_print_ex 5553 3_0_0 EXIST::FUNCTION:
+ EVP_PKEY_get0_provider 5554 3_0_0 EXIST::FUNCTION:
+ EVP_PKEY_CTX_get0_provider 5555 3_0_0 EXIST::FUNCTION:
+ OPENSSL_strcasecmp 5556 3_0_3 EXIST::FUNCTION:
++OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
+ OPENSSL_strncasecmp 5557 3_0_3 EXIST::FUNCTION:
++OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
+ EVP_RAND_CTX_up_ref 5558 3_1_0 EXIST::FUNCTION:
+ RAND_set0_public 5559 3_1_0 EXIST::FUNCTION:
+ RAND_set0_private 5560 3_1_0 EXIST::FUNCTION:
+--
+2.48.1
+
diff --git a/0017-RH-TMP-KTLS-test-skip.patch b/0017-RH-TMP-KTLS-test-skip.patch
new file mode 100644
index 0000000..56fe672
--- /dev/null
+++ b/0017-RH-TMP-KTLS-test-skip.patch
@@ -0,0 +1,30 @@
+From 8675fa2ac2e4b2676b4103375b4381810c6d4e9b Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Thu, 13 Feb 2025 18:11:19 -0500
+Subject: [PATCH 17/49] RH: TMP KTLS test skip
+
+From-dist-git-commit: 83382cc2a09dfcc55d5740fd08fd95c2333a56c9
+---
+ test/sslapitest.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index 391a76b8de..7d6d738199 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -1023,9 +1023,10 @@ static int execute_test_large_message(const SSL_METHOD *smeth,
+ /* sock must be connected */
+ static int ktls_chk_platform(int sock)
+ {
+- if (!ktls_enable(sock))
++/* if (!ktls_enable(sock))
+ return 0;
+- return 1;
++ return 1; */
++ return 0;
+ }
+
+ static int ping_pong_query(SSL *clientssl, SSL *serverssl)
+--
+2.48.1
+
diff --git a/0018-RH-Allow-disabling-of-SHA1-signatures.patch b/0018-RH-Allow-disabling-of-SHA1-signatures.patch
new file mode 100644
index 0000000..6aab356
--- /dev/null
+++ b/0018-RH-Allow-disabling-of-SHA1-signatures.patch
@@ -0,0 +1,490 @@
+From db128aa6407e5b014f6523dd5606346562bf0b02 Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <dbelyavs@redhat.com>
+Date: Mon, 21 Aug 2023 13:07:07 +0200
+Subject: [PATCH 18/49] RH: Allow disabling of SHA1 signatures
+
+Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch
+Patch-id: 49
+Patch-status: |
+ # Selectively disallow SHA1 signatures rhbz#2070977
+From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
+---
+ crypto/context.c | 33 +++++++++++
+ crypto/evp/evp_cnf.c | 13 +++++
+ crypto/evp/m_sigver.c | 56 +++++++++++++++++++
+ crypto/evp/pmeth_lib.c | 15 +++++
+ doc/man5/config.pod | 13 +++++
+ include/crypto/context.h | 8 +++
+ include/internal/cryptlib.h | 3 +-
+ include/internal/sslconf.h | 4 ++
+ providers/common/include/prov/securitycheck.h | 2 +
+ providers/common/securitycheck.c | 14 +++++
+ providers/common/securitycheck_default.c | 1 +
+ providers/implementations/signature/dsa_sig.c | 1 +
+ .../implementations/signature/ecdsa_sig.c | 3 +-
+ providers/implementations/signature/rsa_sig.c | 14 ++++-
+ ssl/t1_lib.c | 8 +++
+ util/libcrypto.num | 2 +
+ 16 files changed, 186 insertions(+), 4 deletions(-)
+
+diff --git a/crypto/context.c b/crypto/context.c
+index 614c8a2c88..92ed0752ac 100644
+--- a/crypto/context.c
++++ b/crypto/context.c
+@@ -85,6 +85,8 @@ struct ossl_lib_ctx_st {
+ #endif
+ STACK_OF(SSL_COMP) *comp_methods;
+
++ void *legacy_digest_signatures;
++
+ int ischild;
+ int conf_diagnostics;
+ };
+@@ -119,6 +121,25 @@ int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx)
+ return ctx->ischild;
+ }
+
++static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
++{
++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
++
++ if (ldsigs != NULL) {
++ OPENSSL_free(ldsigs);
++ }
++}
++
++static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
++{
++ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
++ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
++ * because the default on Fedora is to allow SHA-1 and support disabling
++ * it, while CentOS/RHEL disable it by default and allow enabling it. */
++ ldsigs->allowed = 0;
++ return ldsigs;
++}
++
+ static void context_deinit_objs(OSSL_LIB_CTX *ctx);
+
+ static int context_init(OSSL_LIB_CTX *ctx)
+@@ -235,6 +256,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
+ goto err;
+ #endif
+
++ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx);
++ if (ctx->legacy_digest_signatures == NULL)
++ goto err;
++
+ /* Low priority. */
+ #ifndef FIPS_MODULE
+ ctx->child_provider = ossl_child_prov_ctx_new(ctx);
+@@ -382,6 +407,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
+ }
+ #endif
+
++ if (ctx->legacy_digest_signatures != NULL) {
++ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures);
++ ctx->legacy_digest_signatures = NULL;
++ }
++
+ /* Low priority. */
+ #ifndef FIPS_MODULE
+ if (ctx->child_provider != NULL) {
+@@ -660,6 +690,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
+ case OSSL_LIB_CTX_COMP_METHODS:
+ return (void *)&ctx->comp_methods;
+
++ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX:
++ return ctx->legacy_digest_signatures;
++
+ default:
+ return NULL;
+ }
+diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
+index 0e7fe64cf9..b9d3b6d226 100644
+--- a/crypto/evp/evp_cnf.c
++++ b/crypto/evp/evp_cnf.c
+@@ -10,6 +10,7 @@
+ #include <stdio.h>
+ #include <openssl/crypto.h>
+ #include "internal/cryptlib.h"
++#include "internal/sslconf.h"
+ #include <openssl/conf.h>
+ #include <openssl/x509.h>
+ #include <openssl/x509v3.h>
+@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
+ return 0;
+ }
++ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
++ int m;
++
++ /* Detailed error already reported. */
++ if (!X509V3_get_value_bool(oval, &m))
++ return 0;
++
++ if (!ossl_ctx_legacy_digest_signatures_allowed_set(
++ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
++ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
++ return 0;
++ }
+ } else {
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
+ "name=%s, value=%s", oval->name, oval->value);
+diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
+index 2d1839fedb..7fee10ec74 100644
+--- a/crypto/evp/m_sigver.c
++++ b/crypto/evp/m_sigver.c
+@@ -15,6 +15,50 @@
+ #include "internal/provider.h"
+ #include "internal/numbers.h" /* includes SIZE_MAX */
+ #include "evp_local.h"
++#include "crypto/context.h"
++
++static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
++ OSSL_LIB_CTX *libctx, int loadconfig)
++{
++#ifndef FIPS_MODULE
++ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
++ return NULL;
++#endif
++
++ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX);
++}
++
++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
++{
++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
++
++ #ifndef FIPS_MODULE
++ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
++ /* used in tests */
++ return 1;
++ #endif
++
++ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
++ * because the default on Fedora is to allow SHA-1 and support disabling
++ * it, while CentOS/RHEL disable it by default and allow enabling it. */
++ return ldsigs != NULL ? ldsigs->allowed : 0;
++}
++
++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
++ int loadconfig)
++{
++ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
++ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
++
++ if (ldsigs == NULL) {
++ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
++ return 0;
++ }
++
++ ldsigs->allowed = allow;
++ return 1;
++}
+
+ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
+ {
+@@ -251,6 +295,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
+ }
+ }
+
++ if (ctx->reqdigest != NULL
++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
++ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
++ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
++ int mdnid = EVP_MD_nid(ctx->reqdigest);
++ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
++ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
++ goto err;
++ }
++ }
++
+ if (ver) {
+ if (signature->digest_verify_init == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
+index 846a790152..da4a552a60 100644
+--- a/crypto/evp/pmeth_lib.c
++++ b/crypto/evp/pmeth_lib.c
+@@ -33,6 +33,7 @@
+ #include "internal/ffc.h"
+ #include "internal/numbers.h"
+ #include "internal/provider.h"
++#include "internal/sslconf.h"
+ #include "evp_local.h"
+
+ #ifndef FIPS_MODULE
+@@ -952,6 +953,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
+ return -2;
+ }
+
++ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
++ && md != NULL
++ && ctx->pkey != NULL
++ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
++ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
++ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
++ int mdnid = EVP_MD_nid(md);
++ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
++ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
++ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
++ return -1;
++ }
++ }
++
+ if (fallback)
+ return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
+
+diff --git a/doc/man5/config.pod b/doc/man5/config.pod
+index 39fa468320..b994081924 100644
+--- a/doc/man5/config.pod
++++ b/doc/man5/config.pod
+@@ -315,6 +315,19 @@ Within the algorithm properties section, the following names have meaning:
+ The value may be anything that is acceptable as a property query
+ string for EVP_set_default_properties().
+
++=item B<rh-allow-sha1-signatures>
++
++The value is a boolean that can be B<yes> or B<no>. If the value is not set,
++it behaves as if it was set to B<yes>.
++
++When set to B<no>, any attempt to create or verify a signature with a SHA1
++digest will fail. To test whether your software will work with future versions
++of OpenSSL, set this option to B<no>. This setting also affects TLS, where
++signature algorithms that use SHA1 as digest will no longer be supported if
++this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as
++pseudorandom function (PRF) to derive key material, disabling
++B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
++
+ =item B<fips_mode> (deprecated)
+
+ The value is a boolean that can be B<yes> or B<no>. If the value is
+diff --git a/include/crypto/context.h b/include/crypto/context.h
+index 1c181933e0..35bdfdb52d 100644
+--- a/include/crypto/context.h
++++ b/include/crypto/context.h
+@@ -48,3 +48,11 @@ void ossl_release_default_drbg_ctx(void);
+ #if defined(OPENSSL_THREADS)
+ void ossl_threads_ctx_free(void *);
+ #endif
++
++#ifndef OSSL_LEGACY_DIGEST_SIGNATURES_STRUCT
++#define OSSL_LEGACY_DIGEST_SIGNATURES_STRUCT
++typedef struct ossl_legacy_digest_signatures_st {
++ int allowed;
++} OSSL_LEGACY_DIGEST_SIGNATURES;
++#endif
++
+diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
+index da442f8a86..44a5e8a99a 100644
+--- a/include/internal/cryptlib.h
++++ b/include/internal/cryptlib.h
+@@ -120,7 +120,8 @@ typedef struct ossl_ex_data_global_st {
+ # define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20
+ # define OSSL_LIB_CTX_COMP_METHODS 21
+ # define OSSL_LIB_CTX_INDICATOR_CB_INDEX 22
+-# define OSSL_LIB_CTX_MAX_INDEXES 22
++# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 23
++# define OSSL_LIB_CTX_MAX_INDEXES 23
+
+ OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
+ int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
+diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
+index fd7f7e3331..05464b0655 100644
+--- a/include/internal/sslconf.h
++++ b/include/internal/sslconf.h
+@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
+ void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
+ char **arg);
+
++/* Methods to support disabling all signatures with legacy digests */
++int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
++int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
++ int loadconfig);
+ #endif
+diff --git a/providers/common/include/prov/securitycheck.h b/providers/common/include/prov/securitycheck.h
+index 29a2b7fbf8..a48cbb03d2 100644
+--- a/providers/common/include/prov/securitycheck.h
++++ b/providers/common/include/prov/securitycheck.h
+@@ -37,3 +37,5 @@ int ossl_digest_get_approved_nid(const EVP_MD *md);
+ /* Functions that have different implementations for the FIPS_MODULE */
+ int ossl_digest_rsa_sign_get_md_nid(const EVP_MD *md);
+ int ossl_fips_config_securitycheck_enabled(OSSL_LIB_CTX *libctx);
++
++int rh_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int mdnid);
+diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
+index 8ef8dc2a81..79a9c48ce2 100644
+--- a/providers/common/securitycheck.c
++++ b/providers/common/securitycheck.c
+@@ -19,6 +19,7 @@
+ #include <openssl/core_names.h>
+ #include <openssl/obj_mac.h>
+ #include "prov/securitycheck.h"
++#include "internal/sslconf.h"
+
+ #define OSSL_FIPS_MIN_SECURITY_STRENGTH_BITS 112
+
+@@ -219,3 +220,16 @@ int ossl_dh_check_key(const DH *dh)
+ return (L == 2048 && (N == 224 || N == 256));
+ }
+ #endif /* OPENSSL_NO_DH */
++
++int rh_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int mdnid)
++{
++#ifndef FIPS_MODULE
++ if (!ossl_ctx_legacy_digest_signatures_allowed(libctx, 0))
++ /* SHA1 is globally disabled, check whether we want to locally allow
++ * it. */
++#endif
++ if (mdnid == NID_sha1)
++ mdnid = -1;
++
++ return mdnid;
++}
+diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
+index dd71fd91eb..9019fd2a80 100644
+--- a/providers/common/securitycheck_default.c
++++ b/providers/common/securitycheck_default.c
+@@ -15,6 +15,7 @@
+ #include <openssl/obj_mac.h>
+ #include "prov/securitycheck.h"
+ #include "internal/nelem.h"
++#include "internal/sslconf.h"
+
+ /* Disable the security checks in the default provider */
+ int ossl_fips_config_securitycheck_enabled(OSSL_LIB_CTX *libctx)
+diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
+index 4b585bb704..3b976b68bf 100644
+--- a/providers/implementations/signature/dsa_sig.c
++++ b/providers/implementations/signature/dsa_sig.c
+@@ -163,6 +163,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
+
+ md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
+ md_nid = ossl_digest_get_approved_nid(md);
++ md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid);
+
+ if (md == NULL || md_nid < 0) {
+ if (md == NULL)
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index 6fef96c86a..1998a48c72 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -197,7 +197,8 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
+ goto err;
+ }
+ md_nid = ossl_digest_get_approved_nid(md);
+- if (md_nid == NID_undef) {
++ md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid);
++ if (md_nid <= 0) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
+ "digest=%s", mdname);
+ goto err;
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index e75b90840b..788299fee3 100644
+--- a/providers/implementations/signature/rsa_sig.c
++++ b/providers/implementations/signature/rsa_sig.c
+@@ -26,6 +26,7 @@
+ #include "internal/cryptlib.h"
+ #include "internal/nelem.h"
+ #include "internal/sizes.h"
++#include "internal/sslconf.h"
+ #include "crypto/rsa.h"
+ #include "prov/providercommon.h"
+ #include "prov/implementations.h"
+@@ -34,6 +35,7 @@
+ #include "prov/securitycheck.h"
+
+ #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
++#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
+
+ static OSSL_FUNC_signature_newctx_fn rsa_newctx;
+ static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
+@@ -387,7 +389,8 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
+ goto err;
+ }
+ md_nid = ossl_digest_rsa_sign_get_md_nid(md);
+- if (md_nid == NID_undef) {
++ md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid);
++ if (md_nid <= 0) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
+ "digest=%s", mdname);
+ goto err;
+@@ -475,8 +478,9 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname,
+ "%s could not be fetched", mdname);
+ return 0;
+ }
+- /* The default for mgf1 is SHA1 - so allow SHA1 */
++ /* The default for mgf1 is SHA1 - so check if we allow SHA1 */
+ if ((mdnid = ossl_digest_rsa_sign_get_md_nid(md)) <= 0
++ || (mdnid = rh_digest_signatures_allowed(ctx->libctx, mdnid)) <= 0
+ || !rsa_check_padding(ctx, NULL, mdname, mdnid)) {
+ if (mdnid <= 0)
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
+@@ -1768,6 +1772,12 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+ && pad_mode == RSA_PKCS1_PSS_PADDING)
+ pmdname = RSA_DEFAULT_DIGEST_NAME;
+
++#ifndef FIPS_MODULE
++ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
++ pmdname = prsactx->md == NULL ? RSA_DEFAULT_DIGEST_NAME_NONLEGACY : (char *)EVP_MD_name(prsactx->md);
++ }
++#endif
++
+ if (pmgf1mdname != NULL
+ && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
+ return 0;
+diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
+index 8f5f9b4c4b..e465d77269 100644
+--- a/ssl/t1_lib.c
++++ b/ssl/t1_lib.c
+@@ -21,6 +21,7 @@
+ #include <openssl/bn.h>
+ #include <openssl/provider.h>
+ #include <openssl/param_build.h>
++#include "internal/sslconf.h"
+ #include "internal/nelem.h"
+ #include "internal/sizes.h"
+ #include "internal/tlsgroups.h"
+@@ -2176,6 +2177,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+ EVP_PKEY *tmpkey = EVP_PKEY_new();
+ int istls;
+ int ret = 0;
++ int ldsigs_allowed;
+
+ if (ctx == NULL)
+ goto err;
+@@ -2193,6 +2195,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+ goto err;
+
+ ERR_set_mark();
++ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
+ /* First fill cache and tls12_sigalgs list from legacy algorithm list */
+ for (i = 0, lu = sigalg_lookup_tbl;
+ i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
+@@ -2213,6 +2216,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
+ cache[i].available = 0;
+ continue;
+ }
++ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
++ && !ldsigs_allowed) {
++ cache[i].available = 0;
++ continue;
++ }
+
+ if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
+ cache[i].available = 0;
+diff --git a/util/libcrypto.num b/util/libcrypto.num
+index 73cebdf360..205c5d916e 100644
+--- a/util/libcrypto.num
++++ b/util/libcrypto.num
+@@ -5928,3 +5928,5 @@ OSSL_AA_DIST_POINT_free ? 3_5_0 EXIST::FUNCTION:
+ OSSL_AA_DIST_POINT_new ? 3_5_0 EXIST::FUNCTION:
+ OSSL_AA_DIST_POINT_it ? 3_5_0 EXIST::FUNCTION:
+ PEM_ASN1_write_bio_ctx ? 3_5_0 EXIST::FUNCTION:
++ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
++ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
+--
+2.48.1
+
diff --git a/0019-FIPS-Force-fips-provider-on.patch b/0019-FIPS-Force-fips-provider-on.patch
new file mode 100644
index 0000000..224ef5e
--- /dev/null
+++ b/0019-FIPS-Force-fips-provider-on.patch
@@ -0,0 +1,79 @@
+From 92da106e3315b815634f4537bc940466a5ed8a1f Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 19/49] FIPS: Force fips provider on
+
+Patch-name: 0032-Force-fips.patch
+Patch-id: 32
+Patch-status: |
+ # # We load FIPS provider and set FIPS properties implicitly
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ crypto/provider_conf.c | 30 +++++++++++++++++++++++++++++-
+ 1 file changed, 29 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
+index 5ec50f97e4..a2a9786e1c 100644
+--- a/crypto/provider_conf.c
++++ b/crypto/provider_conf.c
+@@ -10,6 +10,8 @@
+ #include <string.h>
+ #include <openssl/trace.h>
+ #include <openssl/err.h>
++#include <openssl/evp.h>
++#include <unistd.h>
+ #include <openssl/conf.h>
+ #include <openssl/safestack.h>
+ #include <openssl/provider.h>
+@@ -237,7 +239,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
+ if (path != NULL)
+ ossl_provider_set_module_path(prov, path);
+
+- ok = provider_conf_params(prov, NULL, NULL, value, cnf);
++ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
+
+ if (ok == 1) {
+ if (!ossl_provider_activate(prov, 1, 0)) {
+@@ -266,6 +268,8 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
+
+ if (ok <= 0)
+ ossl_provider_free(prov);
++ } else {
++ ok = 1;
+ }
+ CRYPTO_THREAD_unlock(pcgbl->lock);
+
+@@ -420,6 +424,30 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
+ return 0;
+ }
+
++ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
++ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
++# define FIPS_LOCAL_CONF OPENSSLDIR "/fips_local.cnf"
++
++ if (access(FIPS_LOCAL_CONF, R_OK) == 0) {
++ CONF *fips_conf = NCONF_new_ex(libctx, NCONF_default());
++ if (NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL) <= 0)
++ return 0;
++
++ if (provider_conf_load(libctx, "fips", "fips_sect", fips_conf) != 1) {
++ NCONF_free(fips_conf);
++ return 0;
++ }
++ NCONF_free(fips_conf);
++ } else {
++ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
++ return 0;
++ }
++ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
++ return 0;
++ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
++ return 0;
++ }
++
+ return 1;
+ }
+
+--
+2.48.1
+
diff --git a/0020-FIPS-Embed-hmac-in-fips.so-NOTE.patch b/0020-FIPS-Embed-hmac-in-fips.so-NOTE.patch
new file mode 100644
index 0000000..ffcf5d2
--- /dev/null
+++ b/0020-FIPS-Embed-hmac-in-fips.so-NOTE.patch
@@ -0,0 +1,265 @@
+From 9a711857906d0e26f215b0d7dbf7b5f90da22a21 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 20/49] FIPS: Embed hmac in fips.so - NOTE
+
+Corrected by squashing in:
+0052-Restore-the-correct-verify_integrity-function.patch
+
+Patch-name: 0033-FIPS-embed-hmac.patch
+Patch-id: 33
+Patch-status: |
+ # # Embed HMAC into the fips.so
+ # Modify fips self test as per
+ # https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ providers/fips/self_test.c | 170 ++++++++++++++++++++++++++++++++++---
+ test/fipsmodule.cnf | 2 +
+ 2 files changed, 161 insertions(+), 11 deletions(-)
+ create mode 100644 test/fipsmodule.cnf
+
+diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
+index ef7be26ca7..8b17b8ca94 100644
+--- a/providers/fips/self_test.c
++++ b/providers/fips/self_test.c
+@@ -235,13 +235,137 @@ err:
+ return ok;
+ }
+
++#define HMAC_LEN 32
++/*
++ * The __attribute__ ensures we've created the .rodata1 section
++ * static ensures it's zero filled
++*/
++static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0};
++
+ /*
+ * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify
+ * the result matches the expected value.
+ * Return 1 if verified, or 0 if it fails.
+ */
++
++#ifndef __USE_GNU
++#define __USE_GNU
++#include <dlfcn.h>
++#undef __USE_GNU
++#else
++#include <dlfcn.h>
++#endif
++#include <link.h>
++
++static int verify_integrity_rodata(OSSL_CORE_BIO *bio,
++ OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
++ const unsigned char *expected,
++ size_t expected_len, OSSL_LIB_CTX *libctx,
++ OSSL_SELF_TEST *ev, const char *event_type)
++{
++ int ret = 0, status;
++ unsigned char out[MAX_MD_SIZE];
++ unsigned char buf[INTEGRITY_BUF_SIZE];
++ size_t bytes_read = 0, out_len = 0;
++ EVP_MAC *mac = NULL;
++ EVP_MAC_CTX *ctx = NULL;
++ OSSL_PARAM params[2], *p = params;
++ Dl_info info;
++ void *extra_info = NULL;
++ struct link_map *lm = NULL;
++ unsigned long paddr;
++ unsigned long off = 0;
++
++ if (expected_len != HMAC_LEN)
++ goto err;
++
++ if (!integrity_self_test(ev, libctx))
++ goto err;
++
++ OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
++
++ if (!dladdr1 ((const void *)fips_hmac_container,
++ &info, &extra_info, RTLD_DL_LINKMAP))
++ goto err;
++ lm = extra_info;
++ paddr = (unsigned long)fips_hmac_container - lm->l_addr;
++
++ mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
++ if (mac == NULL)
++ goto err;
++ ctx = EVP_MAC_CTX_new(mac);
++ if (ctx == NULL)
++ goto err;
++
++ *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0);
++ *p = OSSL_PARAM_construct_end();
++
++ if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
++ goto err;
++
++ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
++ status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
++ if (status != 1)
++ break;
++ if (!EVP_MAC_update(ctx, buf, bytes_read))
++ goto err;
++ off += bytes_read;
++ }
++
++ if (off < paddr) {
++ int delta = paddr - off;
++ status = read_ex_cb(bio, buf, delta, &bytes_read);
++ if (status != 1)
++ goto err;
++ if (!EVP_MAC_update(ctx, buf, bytes_read))
++ goto err;
++ off += bytes_read;
++ }
++
++ /* read away the buffer */
++ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
++ if (status != 1)
++ goto err;
++
++ /* check that it is the expect bytes, no point in continuing otherwise */
++ if (memcmp(expected, buf, HMAC_LEN) != 0)
++ goto err;
++
++ /* replace in-file HMAC buffer with the original zeros */
++ memset(buf, 0, HMAC_LEN);
++ if (!EVP_MAC_update(ctx, buf, HMAC_LEN))
++ goto err;
++ off += HMAC_LEN;
++
++ while (bytes_read > 0) {
++ status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
++ if (status != 1)
++ break;
++ if (!EVP_MAC_update(ctx, buf, bytes_read))
++ goto err;
++ off += bytes_read;
++ }
++
++ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
++ goto err;
++
++ OSSL_SELF_TEST_oncorrupt_byte(ev, out);
++ if (expected_len != out_len
++ || memcmp(expected, out, out_len) != 0)
++ goto err;
++ ret = 1;
++err:
++ OSSL_SELF_TEST_onend(ev, ret);
++ EVP_MAC_CTX_free(ctx);
++ EVP_MAC_free(mac);
++# ifdef OPENSSL_PEDANTIC_ZEROIZATION
++ OPENSSL_cleanse(out, sizeof(out));
++# endif
++ return ret;
++}
++
+ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
+- unsigned char *expected, size_t expected_len,
++ const unsigned char *expected, size_t expected_len,
+ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
+ const char *event_type)
+ {
+@@ -253,6 +377,9 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
+ EVP_MAC_CTX *ctx = NULL;
+ OSSL_PARAM params[2], *p = params;
+
++ if (expected_len != HMAC_LEN)
++ goto err;
++
+ if (!integrity_self_test(ev, libctx))
+ goto err;
+
+@@ -316,7 +443,8 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ int ok = 0;
+ long checksum_len;
+ OSSL_CORE_BIO *bio_module = NULL;
+- unsigned char *module_checksum = NULL;
++ const unsigned char *module_checksum = NULL;
++ unsigned char *alloc_checksum = NULL;
+ OSSL_SELF_TEST *ev = NULL;
+ EVP_RAND *testrand = NULL;
+ EVP_RAND_CTX *rng;
+@@ -352,8 +480,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ return 0;
+ }
+
+- if (st == NULL
+- || st->module_checksum_data == NULL) {
++ if (st == NULL) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
+ goto end;
+ }
+@@ -362,8 +489,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ if (ev == NULL)
+ goto end;
+
+- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
+- &checksum_len);
++ if (st->module_checksum_data == NULL) {
++ module_checksum = fips_hmac_container;
++ checksum_len = sizeof(fips_hmac_container);
++ } else {
++ alloc_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
++ &checksum_len);
++ module_checksum = alloc_checksum;
++ }
++
+ if (module_checksum == NULL) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
+ goto end;
+@@ -371,14 +505,28 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb");
+
+ /* Always check the integrity of the fips module */
+- if (bio_module == NULL
+- || !verify_integrity(bio_module, st->bio_read_ex_cb,
+- module_checksum, checksum_len, st->libctx,
+- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
++ if (bio_module == NULL) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
+ goto end;
+ }
+
++ if (st->module_checksum_data == NULL) {
++ if (!verify_integrity_rodata(bio_module, st->bio_read_ex_cb,
++ module_checksum, checksum_len,
++ st->libctx, ev,
++ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
++ goto end;
++ }
++ } else {
++ if (!verify_integrity(bio_module, st->bio_read_ex_cb,
++ module_checksum, checksum_len, st->libctx,
++ ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
++ goto end;
++ }
++ }
++
+ if (!SELF_TEST_kats(ev, st->libctx)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
+ goto end;
+@@ -398,7 +546,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ end:
+ EVP_RAND_free(testrand);
+ OSSL_SELF_TEST_free(ev);
+- OPENSSL_free(module_checksum);
++ OPENSSL_free(alloc_checksum);
+
+ if (st != NULL)
+ (*st->bio_free_cb)(bio_module);
+diff --git a/test/fipsmodule.cnf b/test/fipsmodule.cnf
+new file mode 100644
+index 0000000000..f05d0dedbe
+--- /dev/null
++++ b/test/fipsmodule.cnf
+@@ -0,0 +1,2 @@
++[fips_sect]
++activate = 1
+--
+2.48.1
+
diff --git a/0021-FIPS-Add-script-to-hmac-ify-the-fips.so-provider.patch b/0021-FIPS-Add-script-to-hmac-ify-the-fips.so-provider.patch
new file mode 100644
index 0000000..0e56607
--- /dev/null
+++ b/0021-FIPS-Add-script-to-hmac-ify-the-fips.so-provider.patch
@@ -0,0 +1,32 @@
+From f3abb42273e20c09d421d1d931ad53dcd1c492b4 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Thu, 20 Feb 2025 15:30:32 -0500
+Subject: [PATCH 21/49] FIPS: Add script to hmac-ify the fips.so provider
+
+This script rewrites the fips.so binary to embed the hmac result into it
+so that after a build it can be called to make the fips.so as modified
+by Red Hat to properly pass the integrty test
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ fips-hmacify.sh | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+ create mode 100755 fips-hmacify.sh
+
+diff --git a/fips-hmacify.sh b/fips-hmacify.sh
+new file mode 100755
+index 0000000000..54ae60b07f
+--- /dev/null
++++ b/fips-hmacify.sh
+@@ -0,0 +1,8 @@
++#!/bin/bash
++
++dd if=/dev/zero bs=1 count=32 of=tmp.mac >/dev/null 2>&1
++objcopy --update-section .rodata1=tmp.mac providers/fips.so providers/fips.so.zeromac
++mv providers/fips.so.zeromac providers/fips.so
++LD_LIBRARY_PATH=. apps/openssl dgst -binary -sha256 -mac HMAC -macopt hexkey:f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813 < providers/fips.so > providers/fips.so.hmac
++objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so providers/fips.so.mac
++mv providers/fips.so.mac providers/fips.so
+--
+2.48.1
+
diff --git a/0022-FIPS-disable-fipsinstall.patch b/0022-FIPS-disable-fipsinstall.patch
new file mode 100644
index 0000000..e417ce3
--- /dev/null
+++ b/0022-FIPS-disable-fipsinstall.patch
@@ -0,0 +1,870 @@
+From 38f09a3c4e9b93143890a429889cc4a309a318a7 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 22/49] FIPS: disable fipsinstall
+
+Patch-name: 0034.fipsinstall_disable.patch
+Patch-id: 34
+Patch-status: |
+ # # Comment out fipsinstall command-line utility
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ apps/fipsinstall.c | 3 +
+ doc/man1/openssl-fipsinstall.pod.in | 485 +-------------------------
+ doc/man1/openssl.pod | 4 -
+ doc/man5/config.pod | 1 -
+ doc/man5/fips_config.pod | 228 +-----------
+ doc/man7/OSSL_PROVIDER-FIPS.pod | 1 -
+ test/recipes/00-prep_fipsmodule_cnf.t | 10 +-
+ test/recipes/01-test_fipsmodule_cnf.t | 7 +-
+ test/recipes/03-test_fipsinstall.t | 2 +
+ 9 files changed, 22 insertions(+), 719 deletions(-)
+ mode change 100644 => 100755 test/recipes/00-prep_fipsmodule_cnf.t
+ mode change 100644 => 100755 test/recipes/01-test_fipsmodule_cnf.t
+ mode change 100644 => 100755 test/recipes/03-test_fipsinstall.t
+
+diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
+index 0daa55a1b8..b4e29ac301 100644
+--- a/apps/fipsinstall.c
++++ b/apps/fipsinstall.c
+@@ -590,6 +590,9 @@ int fipsinstall_main(int argc, char **argv)
+ EVP_MAC *mac = NULL;
+ CONF *conf = NULL;
+
++ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n");
++ return 1;
++
+ if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
+ goto end;
+
+diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
+index 9dd4f5a49f..9a063022a9 100644
+--- a/doc/man1/openssl-fipsinstall.pod.in
++++ b/doc/man1/openssl-fipsinstall.pod.in
+@@ -8,488 +8,9 @@ openssl-fipsinstall - perform FIPS configuration installation
+ =head1 SYNOPSIS
+
+ B<openssl fipsinstall>
+-[B<-help>]
+-[B<-in> I<configfilename>]
+-[B<-out> I<configfilename>]
+-[B<-module> I<modulefilename>]
+-[B<-provider_name> I<providername>]
+-[B<-section_name> I<sectionname>]
+-[B<-verify>]
+-[B<-mac_name> I<macname>]
+-[B<-macopt> I<nm>:I<v>]
+-[B<-noout>]
+-[B<-quiet>]
+-[B<-pedantic>]
+-[B<-no_conditional_errors>]
+-[B<-no_security_checks>]
+-[B<-hmac_key_check>]
+-[B<-kmac_key_check>]
+-[B<-ems_check>]
+-[B<-no_drbg_truncated_digests>]
+-[B<-signature_digest_check>]
+-[B<-hkdf_digest_check>]
+-[B<-tls13_kdf_digest_check>]
+-[B<-tls1_prf_digest_check>]
+-[B<-sshkdf_digest_check>]
+-[B<-sskdf_digest_check>]
+-[B<-x963kdf_digest_check>]
+-[B<-dsa_sign_disabled>]
+-[B<-no_pbkdf2_lower_bound_check>]
+-[B<-no_short_mac>]
+-[B<-tdes_encrypt_disabled>]
+-[B<-rsa_pkcs15_padding_disabled>]
+-[B<-rsa_pss_saltlen_check>]
+-[B<-rsa_sign_x931_disabled>]
+-[B<-hkdf_key_check>]
+-[B<-kbkdf_key_check>]
+-[B<-tls13_kdf_key_check>]
+-[B<-tls1_prf_key_check>]
+-[B<-sshkdf_key_check>]
+-[B<-sskdf_key_check>]
+-[B<-x963kdf_key_check>]
+-[B<-x942kdf_key_check>]
+-[B<-ecdh_cofactor_check>]
+-[B<-self_test_onload>]
+-[B<-self_test_oninstall>]
+-[B<-corrupt_desc> I<selftest_description>]
+-[B<-corrupt_type> I<selftest_type>]
+-[B<-config> I<parent_config>]
+-
+-=head1 DESCRIPTION
+-
+-This command is used to generate a FIPS module configuration file.
+-This configuration file can be used each time a FIPS module is loaded
+-in order to pass data to the FIPS module self tests. The FIPS module always
+-verifies its MAC, but optionally only needs to run the KAT's once,
+-at installation.
+-
+-The generated configuration file consists of:
+-
+-=over 4
+-
+-=item - A MAC of the FIPS module file.
+-
+-=item - A test status indicator.
+-
+-This indicates if the Known Answer Self Tests (KAT's) have successfully run.
+-
+-=item - A MAC of the status indicator.
+-
+-=item - A control for conditional self tests errors.
+-
+-By default if a continuous test (e.g a key pair test) fails then the FIPS module
+-will enter an error state, and no services or cryptographic algorithms will be
+-able to be accessed after this point.
+-The default value of '1' will cause the fips module error state to be entered.
+-If the value is '0' then the module error state will not be entered.
+-Regardless of whether the error state is entered or not, the current operation
+-(e.g. key generation) will return an error. The user is responsible for retrying
+-the operation if the module error state is not entered.
+-
+-=item - A control to indicate whether run-time security checks are done.
+-
+-This indicates if run-time checks related to enforcement of security parameters
+-such as minimum security strength of keys and approved curve names are used.
+-The default value of '1' will perform the checks.
+-If the value is '0' the checks are not performed and FIPS compliance must
+-be done by procedures documented in the relevant Security Policy.
+-
+-=back
+-
+-This file is described in L<fips_config(5)>.
+-
+-=head1 OPTIONS
+-
+-=over 4
+-
+-=item B<-help>
+-
+-Print a usage message.
+-
+-=item B<-module> I<filename>
+-
+-Filename of the FIPS module to perform an integrity check on.
+-The path provided in the filename is used to load the module when it is
+-activated, and this overrides the environment variable B<OPENSSL_MODULES>.
+-
+-=item B<-out> I<configfilename>
+-
+-Filename to output the configuration data to; the default is standard output.
+-
+-=item B<-in> I<configfilename>
+-
+-Input filename to load configuration data from.
+-Must be used if the B<-verify> option is specified.
+-
+-=item B<-verify>
+-
+-Verify that the input configuration file contains the correct information.
+-
+-=item B<-provider_name> I<providername>
+-
+-Name of the provider inside the configuration file.
+-The default value is C<fips>.
+-
+-=item B<-section_name> I<sectionname>
+-
+-Name of the section inside the configuration file.
+-The default value is C<fips_sect>.
+-
+-=item B<-mac_name> I<name>
+-
+-Specifies the name of a supported MAC algorithm which will be used.
+-The MAC mechanisms that are available will depend on the options
+-used when building OpenSSL.
+-To see the list of supported MAC's use the command
+-C<openssl list -mac-algorithms>. The default is B<HMAC>.
+-
+-=item B<-macopt> I<nm>:I<v>
+-
+-Passes options to the MAC algorithm.
+-A comprehensive list of controls can be found in the EVP_MAC implementation
+-documentation.
+-Common control strings used for this command are:
+-
+-=over 4
+-
+-=item B<key>:I<string>
+-
+-Specifies the MAC key as an alphanumeric string (use if the key contains
+-printable characters only).
+-The string length must conform to any restrictions of the MAC algorithm.
+-A key must be specified for every MAC algorithm.
+-If no key is provided, the default that was specified when OpenSSL was
+-configured is used.
+-
+-=item B<hexkey>:I<string>
+-
+-Specifies the MAC key in hexadecimal form (two hex digits per byte).
+-The key length must conform to any restrictions of the MAC algorithm.
+-A key must be specified for every MAC algorithm.
+-If no key is provided, the default that was specified when OpenSSL was
+-configured is used.
+-
+-=item B<digest>:I<string>
+-
+-Used by HMAC as an alphanumeric string (use if the key contains printable
+-characters only).
+-The string length must conform to any restrictions of the MAC algorithm.
+-To see the list of supported digests, use the command
+-C<openssl list -digest-commands>.
+-The default digest is SHA-256.
+-
+-=back
+-
+-=item B<-noout>
+-
+-Disable logging of the self tests.
+-
+-=item B<-pedantic>
+-
+-Configure the module so that it is strictly FIPS compliant rather
+-than being backwards compatible. This enables conditional errors,
+-security checks etc. Note that any previous configuration options will
+-be overwritten and any subsequent configuration options that violate
+-FIPS compliance will result in an error.
+-
+-=item B<-no_conditional_errors>
+-
+-Configure the module to not enter an error state if a conditional self test
+-fails as described above.
+-
+-=item B<-no_security_checks>
+-
+-Configure the module to not perform run-time security checks as described above.
+-
+-Enabling the configuration option "no-fips-securitychecks" provides another way to
+-turn off the check at compile time.
+-
+-=item B<-ems_check>
+-
+-Configure the module to enable a run-time Extended Master Secret (EMS) check
+-when using the TLS1_PRF KDF algorithm. This check is disabled by default.
+-See RFC 7627 for information related to EMS.
+-
+-=item B<-no_short_mac>
+-
+-Configure the module to not allow short MAC outputs.
+-See SP 800-185 8.4.2 and FIPS 140-3 ID C.D for details.
+-
+-=item B<-hmac_key_check>
+-
+-Configure the module to not allow small keys sizes when using HMAC.
+-See SP 800-131Ar2 for details.
+-
+-=item B<-kmac_key_check>
+-
+-Configure the module to not allow small keys sizes when using KMAC.
+-See SP 800-131Ar2 for details.
+-
+-=item B<-no_drbg_truncated_digests>
+-
+-Configure the module to not allow truncated digests to be used with Hash and
+-HMAC DRBGs. See FIPS 140-3 IG D.R for details.
+-
+-=item B<-signature_digest_check>
+-
+-Configure the module to enforce signature algorithms to use digests that are
+-explicitly permitted by the various standards.
+-
+-=item B<-hkdf_digest_check>
+-
+-Configure the module to enable a run-time digest check when deriving a key by
+-HKDF.
+-See NIST SP 800-56Cr2 for details.
+-
+-=item B<-tls13_kdf_digest_check>
+-
+-Configure the module to enable a run-time digest check when deriving a key by
+-TLS13 KDF.
+-See RFC 8446 for details.
+-
+-=item B<-tls1_prf_digest_check>
+-
+-Configure the module to enable a run-time digest check when deriving a key by
+-TLS_PRF.
+-See NIST SP 800-135r1 for details.
+-
+-=item B<-sshkdf_digest_check>
+-
+-Configure the module to enable a run-time digest check when deriving a key by
+-SSHKDF.
+-See NIST SP 800-135r1 for details.
+-
+-=item B<-sskdf_digest_check>
+-
+-Configure the module to enable a run-time digest check when deriving a key by
+-SSKDF.
+-See NIST SP 800-56Cr2 for details.
+-
+-=item B<-x963kdf_digest_check>
+-
+-Configure the module to enable a run-time digest check when deriving a key by
+-X963KDF.
+-See NIST SP 800-131Ar2 for details.
+-
+-=item B<-dsa_sign_disabled>
+-
+-Configure the module to not allow DSA signing (DSA signature verification is
+-still allowed). See FIPS 140-3 IG C.K for details.
+-
+-=item B<-tdes_encrypt_disabled>
+-
+-Configure the module to not allow Triple-DES encryption.
+-Triple-DES decryption is still allowed for legacy purposes.
+-See SP800-131Ar2 for details.
+-
+-=item B<-rsa_pkcs15_padding_disabled>
+-
+-Configure the module to not allow PKCS#1 version 1.5 padding to be used with
+-RSA for key transport and key agreement. See NIST's SP 800-131A Revision 2
+-for details.
+-
+-=item B<-rsa_pss_saltlen_check>
+-
+-Configure the module to enable a run-time salt length check when generating or
+-verifying a RSA-PSS signature.
+-See FIPS 186-5 5.4 (g) for details.
+-
+-=item B<-rsa_sign_x931_disabled>
+-
+-Configure the module to not allow X9.31 padding to be used when signing with
+-RSA. See FIPS 140-3 IG C.K for details.
+-
+-=item B<-hkdf_key_check>
+-
+-Configure the module to enable a run-time short key-derivation key check when
+-deriving a key by HKDF.
+-See NIST SP 800-131Ar2 for details.
+-
+-=item B<-kbkdf_key_check>
+-
+-Configure the module to enable a run-time short key-derivation key check when
+-deriving a key by KBKDF.
+-See NIST SP 800-131Ar2 for details.
+-
+-=item B<-tls13_kdf_key_check>
+-
+-Configure the module to enable a run-time short key-derivation key check when
+-deriving a key by TLS13 KDF.
+-See NIST SP 800-131Ar2 for details.
+-
+-=item B<-tls1_prf_key_check>
+-
+-Configure the module to enable a run-time short key-derivation key check when
+-deriving a key by TLS_PRF.
+-See NIST SP 800-131Ar2 for details.
+-
+-=item B<-sshkdf_key_check>
+-
+-Configure the module to enable a run-time short key-derivation key check when
+-deriving a key by SSHKDF.
+-See NIST SP 800-131Ar2 for details.
+-
+-=item B<-sskdf_key_check>
+-
+-Configure the module to enable a run-time short key-derivation key check when
+-deriving a key by SSKDF.
+-See NIST SP 800-131Ar2 for details.
+-
+-=item B<-x963kdf_key_check>
+-
+-Configure the module to enable a run-time short key-derivation key check when
+-deriving a key by X963KDF.
+-See NIST SP 800-131Ar2 for details.
+-
+-=item B<-x942kdf_key_check>
+-
+-Configure the module to enable a run-time short key-derivation key check when
+-deriving a key by X942KDF.
+-See NIST SP 800-131Ar2 for details.
+-
+-=item B<-no_pbkdf2_lower_bound_check>
+-
+-Configure the module to not perform run-time lower bound check for PBKDF2.
+-See NIST SP 800-132 for details.
+-
+-=item B<-ecdh_cofactor_check>
+-
+-Configure the module to enable a run-time check that ECDH uses the EC curves
+-cofactor value when deriving a key. This only affects the 'B' and 'K' curves.
+-See SP 800-56A r3 Section 5.7.1.2 for details.
+-
+-=item B<-self_test_onload>
+-
+-Do not write the two fields related to the "test status indicator" and
+-"MAC status indicator" to the output configuration file. Without these fields
+-the self tests KATS will run each time the module is loaded. This option could be
+-used for cross compiling, since the self tests need to run at least once on each
+-target machine. Once the self tests have run on the target machine the user
+-could possibly then add the 2 fields into the configuration using some other
+-mechanism.
+-This option defaults to 0 for any OpenSSL FIPS 140-2 provider (OpenSSL 3.0.X).
+-and is not relevant for an OpenSSL FIPS 140-3 provider, since this is no
+-longer allowed.
+-
+-=item B<-self_test_oninstall>
+-
+-The converse of B<-self_test_oninstall>. The two fields related to the
+-"test status indicator" and "MAC status indicator" are written to the
+-output configuration file.
+-This field is not relevant for an OpenSSL FIPS 140-3 provider, since this is no
+-longer allowed.
+-
+-=item B<-quiet>
+-
+-Do not output pass/fail messages. Implies B<-noout>.
+-
+-=item B<-corrupt_desc> I<selftest_description>,
+-B<-corrupt_type> I<selftest_type>
+-
+-The corrupt options can be used to test failure of one or more self tests by
+-name.
+-Either option or both may be used to select the tests to corrupt.
+-Refer to the entries for B<st-desc> and B<st-type> in L<OSSL_PROVIDER-FIPS(7)> for
+-values that can be used.
+-
+-=item B<-config> I<parent_config>
+-
+-Test that a FIPS provider can be loaded from the specified configuration file.
+-A previous call to this application needs to generate the extra configuration
+-data that is included by the base C<parent_config> configuration file.
+-See L<config(5)> for further information on how to set up a provider section.
+-All other options are ignored if '-config' is used.
+-
+-=back
+-
+-=head1 NOTES
+-
+-Self tests results are logged by default if the options B<-quiet> and B<-noout>
+-are not specified, or if either of the options B<-corrupt_desc> or
+-B<-corrupt_type> are used.
+-If the base configuration file is set up to autoload the fips module, then the
+-fips module will be loaded and self tested BEFORE the fipsinstall application
+-has a chance to set up its own self test callback. As a result of this the self
+-test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored.
+-For normal usage the base configuration file should use the default provider
+-when generating the fips configuration file.
+-
+-The B<-self_test_oninstall> option was added and the
+-B<-self_test_onload> option was made the default in OpenSSL 3.1.
+-
+-The command and all remaining options were added in OpenSSL 3.0.
+-
+-=head1 EXAMPLES
+-
+-Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
+-for the module, and save the F<fips.cnf> configuration file:
+-
+- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
+-
+-Verify that the configuration file F<fips.cnf> contains the correct info:
+-
+- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify
+-
+-Corrupt any self tests which have the description C<SHA1>:
+-
+- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
+- -corrupt_desc 'SHA1'
+-
+-Validate that the fips module can be loaded from a base configuration file:
+-
+- export OPENSSL_CONF_INCLUDE=<path of configuration files>
+- export OPENSSL_MODULES=<provider-path>
+- openssl fipsinstall -config' 'default.cnf'
+-
+-
+-=head1 SEE ALSO
+-
+-L<config(5)>,
+-L<fips_config(5)>,
+-L<OSSL_PROVIDER-FIPS(7)>,
+-L<EVP_MAC(3)>
+-
+-=head1 HISTORY
+-
+-The B<openssl-fipsinstall> application was added in OpenSSL 3.0.
+-
+-The following options were added in OpenSSL 3.1:
+-
+-B<-ems_check>,
+-B<-self_test_oninstall>
+-
+-The following options were added in OpenSSL 3.2:
+-
+-B<-pedantic>,
+-B<-no_drbg_truncated_digests>
+-
+-The following options were added in OpenSSL 3.4:
+-
+-B<-hmac_key_check>,
+-B<-kmac_key_check>,
+-B<-signature_digest_check>,
+-B<-hkdf_digest_check>,
+-B<-tls13_kdf_digest_check>,
+-B<-tls1_prf_digest_check>,
+-B<-sshkdf_digest_check>,
+-B<-sskdf_digest_check>,
+-B<-x963kdf_digest_check>,
+-B<-dsa_sign_disabled>,
+-B<-no_pbkdf2_lower_bound_check>,
+-B<-no_short_mac>,
+-B<-tdes_encrypt_disabled>,
+-B<-rsa_pkcs15_padding_disabled>,
+-B<-rsa_pss_saltlen_check>,
+-B<-rsa_sign_x931_disabled>,
+-B<-hkdf_key_check>,
+-B<-kbkdf_key_check>,
+-B<-tls13_kdf_key_check>,
+-B<-tls1_prf_key_check>,
+-B<-sshkdf_key_check>,
+-B<-sskdf_key_check>,
+-B<-x963kdf_key_check>,
+-B<-x942kdf_key_check>,
+-B<-ecdh_cofactor_check>
++This command is disabled.
++Please consult Red Hat Enterprise Linux documentation to learn how to correctly
++enable FIPS mode on Red Hat Enterprise
+
+ =head1 COPYRIGHT
+
+diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
+index c68f0f073d..41bb1025b5 100644
+--- a/doc/man1/openssl.pod
++++ b/doc/man1/openssl.pod
+@@ -137,10 +137,6 @@ Engine (loadable module) information and manipulation.
+
+ Error Number to Error String Conversion.
+
+-=item B<fipsinstall>
+-
+-FIPS configuration installation.
+-
+ =item B<gendsa>
+
+ Generation of DSA Private Key from Parameters. Superseded by
+diff --git a/doc/man5/config.pod b/doc/man5/config.pod
+index b994081924..7a6d7fab4a 100644
+--- a/doc/man5/config.pod
++++ b/doc/man5/config.pod
+@@ -603,7 +603,6 @@ configuration files using that syntax will have to be modified.
+ =head1 SEE ALSO
+
+ L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
+-L<openssl-fipsinstall(1)>,
+ L<ASN1_generate_nconf(3)>,
+ L<EVP_set_default_properties(3)>,
+ L<CONF_modules_load(3)>,
+diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
+index a25ced3383..15748c5756 100644
+--- a/doc/man5/fips_config.pod
++++ b/doc/man5/fips_config.pod
+@@ -6,230 +6,10 @@ fips_config - OpenSSL FIPS configuration
+
+ =head1 DESCRIPTION
+
+-A separate configuration file, using the OpenSSL L<config(5)> syntax,
+-is used to hold information about the FIPS module. This includes a digest
+-of the shared library file, and status about the self-testing.
+-This data is used automatically by the module itself for two
+-purposes:
+-
+-=over 4
+-
+-=item - Run the startup FIPS self-test known answer tests (KATS).
+-
+-This is normally done once, at installation time, but may also be set up to
+-run each time the module is used.
+-
+-=item - Verify the module's checksum.
+-
+-This is done each time the module is used.
+-
+-=back
+-
+-This file is generated by the L<openssl-fipsinstall(1)> program, and
+-used internally by the FIPS module during its initialization.
+-
+-The following options are supported. They should all appear in a section
+-whose name is identified by the B<fips> option in the B<providers>
+-section, as described in L<config(5)/Provider Configuration Module>.
+-
+-=over 4
+-
+-=item B<activate>
+-
+-If present, the module is activated. The value assigned to this name is not
+-significant.
+-
+-=item B<conditional-errors>
+-
+-The FIPS module normally enters an internal error mode if any self test fails.
+-Once this error mode is active, no services or cryptographic algorithms are
+-accessible from this point on.
+-Continuous tests are a subset of the self tests (e.g., a key pair test during key
+-generation, or the CRNG output test).
+-Setting this value to C<0> allows the error mode to not be triggered if any
+-continuous test fails. The default value of C<1> will trigger the error mode.
+-Regardless of the value, the operation (e.g., key generation) that called the
+-continuous test will return an error code if its continuous test fails. The
+-operation may then be retried if the error mode has not been triggered.
+-
+-=item B<module-mac>
+-
+-The calculated MAC of the FIPS provider file.
+-
+-=item B<install-version>
+-
+-A version number for the fips install process. Should be 1.
+-
+-=item B<install-status>
+-
+-An indicator that the self-tests were successfully run.
+-This should only be written after the module has
+-successfully passed its self tests during installation.
+-If this field is not present, then the self tests will run when the module
+-loads.
+-
+-=item B<install-mac>
+-
+-A MAC of the value of the B<install-status> option, to prevent accidental
+-changes to that value.
+-It is written-to at the same time as B<install-status> is updated.
+-
+-=back
+-
+-=head2 FIPS indicator options
+-
+-The following FIPS configuration options indicate if run-time checks related to
+-enforcement of FIPS security parameters such as minimum security strength of
+-keys and approved curve names are used.
+-A value of '1' will perform the checks, otherwise if the value is '0' the checks
+-are not performed and FIPS compliance must be done by procedures documented in
+-the relevant Security Policy.
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> for further information related to these
+-options.
+-
+-=over 4
+-
+-=item B<security-checks>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-no_security_checks>
+-
+-=item B<tls1-prf-ems-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-ems_check>
+-
+-=item B<no-short-mac>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-no_short_mac>
+-
+-=item B<drbg-no-trunc-md>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-no_drbg_truncated_digests>
+-
+-=item B<signature-digest-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-signature_digest_check>
+-
+-=item B<hkdf-digest-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-hkdf_digest_check>
+-
+-=item B<tls13-kdf-digest-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-tls13_kdf_digest_check>
+-
+-=item B<tls1-prf-digest-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-tls1_prf_digest_check>
+-
+-=item B<sshkdf-digest-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-sshkdf_digest_check>
+-
+-=item B<sskdf-digest-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-sskdf_digest_check>
+-
+-=item B<x963kdf-digest-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-x963kdf_digest_check>
+-
+-=item B<dsa-sign-disabled>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-dsa_sign_disabled>
+-
+-=item B<tdes-encrypt-disabled>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-tdes_encrypt_disabled>
+-
+-=item B<rsa-pkcs15-pad-disabled>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_pkcs15_pad_disabled>
+-
+-=item B<rsa-pss-saltlen-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_pss_saltlen_check>
+-
+-=item B<rsa-sign-x931-pad-disabled>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-rsa_sign_x931_disabled>
+-
+-=item B<hkdf-key-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-hkdf_key_check>
+-
+-=item B<kbkdf-key-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-kbkdf_key_check>
+-
+-=item B<tls13-kdf-key-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-tls13_kdf_key_check>
+-
+-=item B<tls1-prf-key-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-tls1_prf_key_check>
+-
+-=item B<sshkdf-key-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-sshkdf_key_check>
+-
+-=item B<sskdf-key-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-sskdf_key_check>
+-
+-=item B<x963kdf-key-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-x963kdf_key_check>
+-
+-=item B<x942kdf-key-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-x942kdf_key_check>
+-
+-=item B<pbkdf2-lower-bound-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-no_pbkdf2_lower_bound_check>
+-
+-=item B<ecdh-cofactor-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-ecdh_cofactor_check>
+-
+-=item B<hmac-key-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-hmac_key_check>
+-
+-=item B<kmac-key-check>
+-
+-See L<openssl-fipsinstall(1)/OPTIONS> B<-kmac_key_check>
+-
+-=back
+-
+-For example:
+-
+- [fips_sect]
+- activate = 1
+- install-version = 1
+- conditional-errors = 1
+- security-checks = 1
+- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
+- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
+- install-status = INSTALL_SELF_TEST_KATS_RUN
+-
+-=head1 NOTES
+-
+-When using the FIPS provider, it is recommended that the
+-B<config_diagnostics> option is enabled to prevent accidental use of
+-non-FIPS validated algorithms via broken or mistaken configuration.
+-See L<config(5)>.
+-
+-=head1 SEE ALSO
+-
+-L<config(5)>
+-L<openssl-fipsinstall(1)>
+-
+-=head1 HISTORY
+-
+-This functionality was added in OpenSSL 3.0.
++This command is disabled in Red Hat Enterprise Linux. The FIPS provider is
++automatically loaded when the system is booted in FIPS mode, or when the
++environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
++for more information.
+
+ =head1 COPYRIGHT
+
+diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
+index 20d35fada8..f8f219d647 100644
+--- a/doc/man7/OSSL_PROVIDER-FIPS.pod
++++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
+@@ -575,7 +575,6 @@ want to operate in a FIPS approved manner. The algorithms are:
+
+ =head1 SEE ALSO
+
+-L<openssl-fipsinstall(1)>,
+ L<fips_config(5)>,
+ L<OSSL_SELF_TEST_set_callback(3)>,
+ L<OSSL_SELF_TEST_new(3)>,
+diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t
+old mode 100644
+new mode 100755
+index 4e3a6d85e8..48869b2568
+--- a/test/recipes/00-prep_fipsmodule_cnf.t
++++ b/test/recipes/00-prep_fipsmodule_cnf.t
+@@ -29,8 +29,10 @@ my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf');
+
+ plan tests => 1;
+
++ok(1 == 1);
++
+ # Create the $fipsmoduleconf file
+-ok(run(app(['openssl', 'fipsinstall', '-pedantic',
+- '-module', $fipsmodule, '-provider_name', 'fips',
+- '-section_name', 'fips_sect', '-out', $fipsmoduleconf])),
+- "fips install");
++#ok(run(app(['openssl', 'fipsinstall', '-pedantic',
++# '-module', $fipsmodule, '-provider_name', 'fips',
++# '-section_name', 'fips_sect', '-out', $fipsmoduleconf])),
++# "fips install");
+diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t
+old mode 100644
+new mode 100755
+index ce594817d5..4530a46dd0
+--- a/test/recipes/01-test_fipsmodule_cnf.t
++++ b/test/recipes/01-test_fipsmodule_cnf.t
+@@ -31,7 +31,8 @@ plan tests => 1;
+ my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
+ my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf');
+
++ok(1 == 1)
+ # verify the $fipsconf file
+-ok(run(app(['openssl', 'fipsinstall',
+- '-in', $fipsmoduleconf, '-module', $fipsmodule, '-verify'])),
+- "fipsinstall verify");
++#ok(run(app(['openssl', 'fipsinstall',
++# '-in', $fipsmoduleconf, '-module', $fipsmodule, '-verify'])),
++# "fipsinstall verify");
+diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
+old mode 100644
+new mode 100755
+index 1f9110ef60..7e80637bd5
+--- a/test/recipes/03-test_fipsinstall.t
++++ b/test/recipes/03-test_fipsinstall.t
+@@ -22,6 +22,8 @@ use lib srctop_dir('Configurations');
+ use lib bldtop_dir('.');
+ use platform;
+
++plan skip_all => "Fipsinstall not available in Red Hat FIPS build";
++
+ plan skip_all => "Test only supported in a fips build" if disabled("fips");
+
+ # Compatible options for pedantic FIPS compliance
+--
+2.48.1
+
diff --git a/0023-FIPS-FIPS-140-3-key-checks-REVIEW.patch b/0023-FIPS-FIPS-140-3-key-checks-REVIEW.patch
new file mode 100644
index 0000000..3e35ee6
--- /dev/null
+++ b/0023-FIPS-FIPS-140-3-key-checks-REVIEW.patch
@@ -0,0 +1,390 @@
+From 9ffb012157d7b48009702739c0b9c532d7a2713d Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 23/49] FIPS: FIPS-140-3 key checks - REVIEW
+
+Patch-name: 0044-FIPS-140-3-keychecks.patch
+Patch-id: 44
+Patch-status: |
+ # # Extra public/private key checks required by FIPS-140-3
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ crypto/dh/dh_key.c | 26 ++++++++++
+ .../implementations/exchange/ecdh_exch.c | 19 ++++++++
+ providers/implementations/keymgmt/ec_kmgmt.c | 24 +++++++++-
+ providers/implementations/keymgmt/rsa_kmgmt.c | 18 +++++++
+ .../implementations/signature/ecdsa_sig.c | 37 +++++++++++++--
+ providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++--
+ 6 files changed, 162 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+index 7132b9b68e..189bfc3e8b 100644
+--- a/crypto/dh/dh_key.c
++++ b/crypto/dh/dh_key.c
+@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ BN_MONT_CTX *mont = NULL;
+ BIGNUM *z = NULL, *pminus1;
+ int ret = -1;
++#ifdef FIPS_MODULE
++ int validate = 0;
++#endif
+
+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
+@@ -60,6 +63,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
+ return 0;
+ }
+
++#ifdef FIPS_MODULE
++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
++ return 0;
++ }
++#endif
++
+ ctx = BN_CTX_new_ex(dh->libctx);
+ if (ctx == NULL)
+ goto err;
+@@ -271,6 +281,9 @@ static int generate_key(DH *dh)
+ #endif
+ BN_CTX *ctx = NULL;
+ BIGNUM *pub_key = NULL, *priv_key = NULL;
++#ifdef FIPS_MODULE
++ int validate = 0;
++#endif
+
+ if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
+@@ -369,8 +382,21 @@ static int generate_key(DH *dh)
+ if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
+ goto err;
+
++#ifdef FIPS_MODULE
++ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
++ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
++ goto err;
++ }
++#endif
++
+ dh->pub_key = pub_key;
+ dh->priv_key = priv_key;
++#ifdef FIPS_MODULE
++ if (ossl_dh_check_pairwise(dh) <= 0) {
++ abort();
++ }
++#endif
++
+ dh->dirty_cnt++;
+ ok = 1;
+ err:
+diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
+index 58fbc7bc09..98d4354f3e 100644
+--- a/providers/implementations/exchange/ecdh_exch.c
++++ b/providers/implementations/exchange/ecdh_exch.c
+@@ -560,6 +560,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
+ #endif
+
+ ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
++#ifdef FIPS_MODULE
++ {
++ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
++ int check = 0;
++
++ if (bn_ctx == NULL) {
++ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
++ goto end;
++ }
++
++ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
++ BN_CTX_free(bn_ctx);
++
++ if (check <= 0) {
++ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
++ goto end;
++ }
++ }
++#endif
+
+ retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
+
+diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
+index 9421aabb14..77531c4b59 100644
+--- a/providers/implementations/keymgmt/ec_kmgmt.c
++++ b/providers/implementations/keymgmt/ec_kmgmt.c
+@@ -993,9 +993,18 @@ struct ec_gen_ctx {
+ EC_GROUP *gen_group;
+ unsigned char *dhkem_ikm;
+ size_t dhkem_ikmlen;
++#ifdef FIPS_MODULE
++ void *ecdsa_sig_ctx;
++#endif
+ OSSL_FIPS_IND_DECLARE
+ };
+
++#ifdef FIPS_MODULE
++void *ecdsa_newctx(void *provctx, const char *propq);
++void ecdsa_freectx(void *vctx);
++int do_ec_pct(void *, const char *, void *);
++#endif
++
+ static void *ec_gen_init(void *provctx, int selection,
+ const OSSL_PARAM params[])
+ {
+@@ -1015,6 +1024,10 @@ static void *ec_gen_init(void *provctx, int selection,
+ gctx = NULL;
+ }
+ }
++#ifdef FIPS_MODULE
++ if (gctx != NULL)
++ gctx->ecdsa_sig_ctx = ecdsa_newctx(provctx, NULL);
++#endif
+ return gctx;
+ }
+
+@@ -1326,6 +1339,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+
+ if (gctx->ecdh_mode != -1)
+ ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
++#ifdef FIPS_MODULE
++ /* Pairwise consistency test */
++ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
++ && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1)
++ abort();
++#endif
+
+ if (gctx->group_check != NULL)
+ ret = ret && ossl_ec_set_check_group_type_from_name(ec,
+@@ -1396,7 +1415,10 @@ static void ec_gen_cleanup(void *genctx)
+
+ if (gctx == NULL)
+ return;
+-
++#ifdef FIPS_MODULE
++ ecdsa_freectx(gctx->ecdsa_sig_ctx);
++ gctx->ecdsa_sig_ctx = NULL;
++#endif
+ OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen);
+ EC_GROUP_free(gctx->gen_group);
+ BN_free(gctx->p);
+diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
+index 77d0950094..f0e71beb43 100644
+--- a/providers/implementations/keymgmt/rsa_kmgmt.c
++++ b/providers/implementations/keymgmt/rsa_kmgmt.c
+@@ -433,6 +433,7 @@ struct rsa_gen_ctx {
+ #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+ /* ACVP test parameters */
+ OSSL_PARAM *acvp_test_params;
++ void *prov_rsa_ctx;
+ #endif
+ };
+
+@@ -446,6 +447,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb)
+ return gctx->cb(params, gctx->cbarg);
+ }
+
++#ifdef FIPS_MODULE
++void *rsa_newctx(void *provctx, const char *propq);
++void rsa_freectx(void *vctx);
++int do_rsa_pct(void *, const char *, void *);
++#endif
++
+ static void *gen_init(void *provctx, int selection, int rsa_type,
+ const OSSL_PARAM params[])
+ {
+@@ -473,6 +480,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type,
+
+ if (!rsa_gen_set_params(gctx, params))
+ goto err;
++#ifdef FIPS_MODULE
++ if (gctx != NULL)
++ gctx->prov_rsa_ctx = rsa_newctx(provctx, NULL);
++#endif
+ return gctx;
+
+ err:
+@@ -629,6 +640,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
+
+ rsa = rsa_tmp;
+ rsa_tmp = NULL;
++#ifdef FIPS_MODULE
++ /* Pairwise consistency test */
++ if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1)
++ abort();
++#endif
+ err:
+ BN_GENCB_free(gencb);
+ RSA_free(rsa_tmp);
+@@ -644,6 +660,8 @@ static void rsa_gen_cleanup(void *genctx)
+ #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
+ ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params);
+ gctx->acvp_test_params = NULL;
++ rsa_freectx(gctx->prov_rsa_ctx);
++ gctx->prov_rsa_ctx = NULL;
+ #endif
+ BN_clear_free(gctx->pub_exp);
+ OPENSSL_free(gctx);
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index 1998a48c72..a3d2766449 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -33,7 +33,7 @@
+ #include "prov/der_ec.h"
+ #include "crypto/ec.h"
+
+-static OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
++OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
+ static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init;
+ static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init;
+ static OSSL_FUNC_signature_sign_fn ecdsa_sign;
+@@ -48,7 +48,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
+ static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init;
+ static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update;
+ static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final;
+-static OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
++OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
+ static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx;
+ static OSSL_FUNC_signature_query_key_types_fn ecdsa_sigalg_query_key_types;
+ static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params;
+@@ -139,7 +139,7 @@ typedef struct {
+ OSSL_FIPS_IND_DECLARE
+ } PROV_ECDSA_CTX;
+
+-static void *ecdsa_newctx(void *provctx, const char *propq)
++void *ecdsa_newctx(void *provctx, const char *propq)
+ {
+ PROV_ECDSA_CTX *ctx;
+
+@@ -605,7 +605,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
+ return ok;
+ }
+
+-static void ecdsa_freectx(void *vctx)
++void ecdsa_freectx(void *vctx)
+ {
+ PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
+
+@@ -854,6 +854,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
+ return EVP_MD_settable_ctx_params(ctx->md);
+ }
+
++#ifdef FIPS_MODULE
++int do_ec_pct(void *vctx, const char *mdname, void *ec)
++{
++ static const unsigned char data[32];
++ unsigned char sigbuf[256];
++ size_t siglen = sizeof(sigbuf);
++
++ if (ecdsa_digest_sign_init(vctx, mdname, ec, NULL) <= 0)
++ return 0;
++
++ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
++ return 0;
++
++ if (ecdsa_digest_sign_final(vctx, sigbuf, &siglen, sizeof(sigbuf)) <= 0)
++ return 0;
++
++ if (ecdsa_digest_verify_init(vctx, mdname, ec, NULL) <= 0)
++ return 0;
++
++ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
++ return 0;
++
++ if (ecdsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
++ return 0;
++
++ return 1;
++}
++#endif
++
+ const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = {
+ { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index 788299fee3..6d28ad0c3d 100644
+--- a/providers/implementations/signature/rsa_sig.c
++++ b/providers/implementations/signature/rsa_sig.c
+@@ -37,7 +37,7 @@
+ #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
+ #define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
+
+-static OSSL_FUNC_signature_newctx_fn rsa_newctx;
++OSSL_FUNC_signature_newctx_fn rsa_newctx;
+ static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
+ static OSSL_FUNC_signature_verify_init_fn rsa_verify_init;
+ static OSSL_FUNC_signature_verify_recover_init_fn rsa_verify_recover_init;
+@@ -54,7 +54,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn rsa_digest_sign_final;
+ static OSSL_FUNC_signature_digest_verify_init_fn rsa_digest_verify_init;
+ static OSSL_FUNC_signature_digest_verify_update_fn rsa_digest_verify_update;
+ static OSSL_FUNC_signature_digest_verify_final_fn rsa_digest_verify_final;
+-static OSSL_FUNC_signature_freectx_fn rsa_freectx;
++OSSL_FUNC_signature_freectx_fn rsa_freectx;
+ static OSSL_FUNC_signature_dupctx_fn rsa_dupctx;
+ static OSSL_FUNC_signature_query_key_types_fn rsa_sigalg_query_key_types;
+ static OSSL_FUNC_signature_get_ctx_params_fn rsa_get_ctx_params;
+@@ -226,7 +226,7 @@ static int rsa_check_parameters(PROV_RSA_CTX *prsactx, int min_saltlen)
+ return 1;
+ }
+
+-static void *rsa_newctx(void *provctx, const char *propq)
++void *rsa_newctx(void *provctx, const char *propq)
+ {
+ PROV_RSA_CTX *prsactx = NULL;
+ char *propq_copy = NULL;
+@@ -1317,7 +1317,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
+ return ok;
+ }
+
+-static void rsa_freectx(void *vprsactx)
++void rsa_freectx(void *vprsactx)
+ {
+ PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
+
+@@ -1868,6 +1868,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx)
+ return EVP_MD_settable_ctx_params(prsactx->md);
+ }
+
++#ifdef FIPS_MODULE
++int do_rsa_pct(void *vctx, const char *mdname, void *rsa)
++{
++ static const unsigned char data[32];
++ unsigned char *sigbuf = NULL;
++ size_t siglen = 0;
++ int ret = 0;
++
++ if (rsa_digest_sign_init(vctx, mdname, rsa, NULL) <= 0)
++ return 0;
++
++ if (rsa_digest_sign_update(vctx, data, sizeof(data)) <= 0)
++ return 0;
++
++ if (rsa_digest_sign_final(vctx, NULL, &siglen, 0) <= 0)
++ return 0;
++
++ if ((sigbuf = OPENSSL_malloc(siglen)) == NULL)
++ return 0;
++
++ if (rsa_digest_sign_final(vctx, sigbuf, &siglen, siglen) <= 0)
++ goto err;
++
++ if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0)
++ goto err;
++
++ if (rsa_digest_verify_update(vctx, data, sizeof(data)) <= 0)
++ goto err;
++
++ if (rsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
++ goto err;
++ ret = 1;
++
++ err:
++ OPENSSL_free(sigbuf);
++ return ret;
++}
++#endif
++
+ const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
+ { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
+--
+2.48.1
+
diff --git a/0024-FIPS-Execute-KATS-before-HMAC-verification-REVIEW.patch b/0024-FIPS-Execute-KATS-before-HMAC-verification-REVIEW.patch
new file mode 100644
index 0000000..74e6289
--- /dev/null
+++ b/0024-FIPS-Execute-KATS-before-HMAC-verification-REVIEW.patch
@@ -0,0 +1,49 @@
+From bb176bfd94812f2ed31270199cee971c459eb355 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 24/49] FIPS: Execute KATS before HMAC verification - REVIEW
+
+Patch-name: 0047-FIPS-early-KATS.patch
+Patch-id: 47
+Patch-status: |
+ # # Execute KATS before HMAC verification
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ providers/fips/self_test.c | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
+index 8b17b8ca94..0f5074936f 100644
+--- a/providers/fips/self_test.c
++++ b/providers/fips/self_test.c
+@@ -489,6 +489,15 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ if (ev == NULL)
+ goto end;
+
++ /*
++ * Run the KAT's before HMAC verification according to FIPS-140-3
++ * requirements
++ */
++ if (!SELF_TEST_kats(ev, st->libctx)) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
++ goto end;
++ }
++
+ if (st->module_checksum_data == NULL) {
+ module_checksum = fips_hmac_container;
+ checksum_len = sizeof(fips_hmac_container);
+@@ -527,11 +536,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
+ }
+ }
+
+- if (!SELF_TEST_kats(ev, st->libctx)) {
+- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
+- goto end;
+- }
+-
+ /* Verify that the RNG has been restored properly */
+ rng = ossl_rand_get0_private_noncreating(st->libctx);
+ if (rng != NULL)
+--
+2.48.1
+
diff --git a/0024-load-legacy-prov.patch b/0024-load-legacy-prov.patch
deleted file mode 100644
index 4603260..0000000
--- a/0024-load-legacy-prov.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 8653f2213d3175fc558bf24b4bae67cab23f8a1e Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 8 Jul 2024 11:30:25 +0200
-Subject: [PATCH 14/50] 0024-load-legacy-prov.patch
-
-Patch-name: 0024-load-legacy-prov.patch
-Patch-id: 24
-Patch-status: |
- # Instructions to load legacy provider in openssl.cnf
-From-dist-git-commit: e67e9d9c40cd2cb9547e539c658e2b63f2736762
----
- apps/openssl.cnf | 40 ++++++++++++++++++----------------------
- doc/man5/config.pod | 8 ++++++++
- 2 files changed, 26 insertions(+), 22 deletions(-)
-
-diff --git a/apps/openssl.cnf b/apps/openssl.cnf
-index 3ec80986b7..84a9898fb4 100644
---- a/apps/openssl.cnf
-+++ b/apps/openssl.cnf
-@@ -42,14 +42,6 @@ tsa_policy1 = 1.2.3.4.1
- tsa_policy2 = 1.2.3.4.5.6
- tsa_policy3 = 1.2.3.4.5.7
-
--# For FIPS
--# Optionally include a file that is generated by the OpenSSL fipsinstall
--# application. This file contains configuration data required by the OpenSSL
--# fips provider. It contains a named section e.g. [fips_sect] which is
--# referenced from the [provider_sect] below.
--# Refer to the OpenSSL security policy for more information.
--# .include fipsmodule.cnf
--
- [openssl_init]
- providers = provider_sect
- # Load default TLS policy configuration
-@@ -60,23 +52,27 @@ alg_section = evp_properties
- #This section is intentionally added empty here
- #to be tuned on particular systems
-
--# List of providers to load
-+# Uncomment the sections that start with ## below to enable the legacy provider.
-+# Loading the legacy provider enables support for the following algorithms:
-+# Hashing Algorithms / Message Digests: MD2, MD4, MDC2, WHIRLPOOL, RIPEMD160
-+# Symmetric Ciphers: Blowfish, CAST, DES, IDEA, RC2, RC4,RC5, SEED
-+# Key Derivation Function (KDF): PBKDF1
-+# In general it is not recommended to use the above mentioned algorithms for
-+# security critical operations, as they are cryptographically weak or vulnerable
-+# to side-channel attacks and as such have been deprecated.
-+
- [provider_sect]
- default = default_sect
--# The fips section name should match the section name inside the
--# included fipsmodule.cnf.
--# fips = fips_sect
--
--# If no providers are activated explicitly, the default one is activated implicitly.
--# See man 7 OSSL_PROVIDER-default for more details.
--#
--# If you add a section explicitly activating any other provider(s), you most
--# probably need to explicitly activate the default provider, otherwise it
--# becomes unavailable in openssl. As a consequence applications depending on
--# OpenSSL may not work correctly which could lead to significant system
--# problems including inability to remotely access the system.
-+##legacy = legacy_sect
-+##
- [default_sect]
--# activate = 1
-+activate = 1
-+
-+##[legacy_sect]
-+##activate = 1
-+
-+#Place the third party provider configuration files into this folder
-+.include /etc/pki/tls/openssl.d
-
- [ ssl_module ]
-
-diff --git a/doc/man5/config.pod b/doc/man5/config.pod
-index 8d312c661f..714a10437b 100644
---- a/doc/man5/config.pod
-+++ b/doc/man5/config.pod
-@@ -273,6 +273,14 @@ significant.
- All parameters in the section as well as sub-sections are made
- available to the provider.
-
-+=head3 Loading the legacy provider
-+
-+Uncomment the sections that start with ## in openssl.cnf
-+to enable the legacy provider.
-+Note: In general it is not recommended to use the above mentioned algorithms for
-+security critical operations, as they are cryptographically weak or vulnerable
-+to side-channel attacks and as such have been deprecated.
-+
- =head3 Default provider and its activation
-
- If no providers are activated explicitly, the default one is activated implicitly.
---
-2.41.0
-
diff --git a/0025-FIPS-limit-rsa-encrypt-REVIEW.patch b/0025-FIPS-limit-rsa-encrypt-REVIEW.patch
new file mode 100644
index 0000000..d4abca0
--- /dev/null
+++ b/0025-FIPS-limit-rsa-encrypt-REVIEW.patch
@@ -0,0 +1,985 @@
+From c0e0ea317f76e532cf05c82cdef05200d6eee3a5 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 25/49] FIPS: limit rsa encrypt - REVIEW
+
+Patch-name: 0058-FIPS-limit-rsa-encrypt.patch
+Patch-id: 58
+Patch-status: |
+ # # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ providers/common/securitycheck.c | 1 +
+ .../fips/include/fips_indicator_params.inc | 2 +-
+ .../implementations/asymciphers/rsa_enc.c | 26 ++++
+ .../30-test_evp_data/evppkey_rsa_common.txt | 146 +++++++++++++-----
+ test/recipes/80-test_cms.t | 5 +-
+ test/recipes/80-test_ssl_old.t | 27 +++-
+ 6 files changed, 164 insertions(+), 43 deletions(-)
+ mode change 100644 => 100755 test/recipes/80-test_ssl_old.t
+
+diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
+index 79a9c48ce2..0e517542bc 100644
+--- a/providers/common/securitycheck.c
++++ b/providers/common/securitycheck.c
+@@ -65,6 +65,7 @@ int ossl_rsa_key_op_get_protect(const RSA *rsa, int operation, int *outprotect)
+ * Set protect = 1 for encryption or signing operations, or 0 otherwise. See
+ * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
+ */
++/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */
+ int ossl_rsa_check_key_size(const RSA *rsa, int protect)
+ {
+ int sz = RSA_bits(rsa);
+diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc
+index 78f9fc0655..6bd783eb0a 100644
+--- a/providers/fips/include/fips_indicator_params.inc
++++ b/providers/fips/include/fips_indicator_params.inc
+@@ -13,7 +13,7 @@ OSSL_FIPS_PARAM(sskdf_digest_check, SSKDF_DIGEST_CHECK, 0)
+ OSSL_FIPS_PARAM(x963kdf_digest_check, X963KDF_DIGEST_CHECK, 0)
+ OSSL_FIPS_PARAM(dsa_sign_disallowed, DSA_SIGN_DISABLED, 0)
+ OSSL_FIPS_PARAM(tdes_encrypt_disallowed, TDES_ENCRYPT_DISABLED, 0)
+-OSSL_FIPS_PARAM(rsa_pkcs15_padding_disabled, RSA_PKCS15_PAD_DISABLED, 0)
++OSSL_FIPS_PARAM(rsa_pkcs15_padding_disabled, RSA_PKCS15_PAD_DISABLED, 1)
+ OSSL_FIPS_PARAM(rsa_pss_saltlen_check, RSA_PSS_SALTLEN_CHECK, 0)
+ OSSL_FIPS_PARAM(rsa_sign_x931_disallowed, RSA_SIGN_X931_PAD_DISABLED, 0)
+ OSSL_FIPS_PARAM(hkdf_key_check, HKDF_KEY_CHECK, 0)
+diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
+index 6ee127caff..2a7c2f159e 100644
+--- a/providers/implementations/asymciphers/rsa_enc.c
++++ b/providers/implementations/asymciphers/rsa_enc.c
+@@ -168,6 +168,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+ }
+ #endif
+
++# ifdef FIPS_MODULE
++ if (prsactx->pad_mode == RSA_NO_PADDING) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE);
++ return 0;
++ }
++
++ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
++ return 0;
++ }
++# endif
++
+ if (out == NULL) {
+ size_t len = RSA_size(prsactx->rsa);
+
+@@ -230,6 +242,20 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
+ if (!ossl_prov_is_running())
+ return 0;
+
++# ifdef FIPS_MODULE
++ if ((prsactx->pad_mode == RSA_PKCS1_PADDING
++ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING
++ || prsactx->pad_mode == RSA_NO_PADDING)) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE);
++ return 0;
++ }
++
++ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
++ return 0;
++ }
++# endif
++
+ if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
+ if (out == NULL) {
+ *outlen = SSL_MAX_MASTER_KEY_LENGTH;
+diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+index 18e11bdaa9..17ceb59148 100644
+--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377
+ Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
+
+ # RSA decrypt
+-
++Availablein = default
+ Decrypt = RSA-2048
+ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
+ Output = "Hello World"
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # Note: disable the Bleichenbacher workaround to see if it passes
+ Decrypt = RSA-2048
+ Ctrl = rsa_pkcs1_implicit_rejection:0
+@@ -262,7 +262,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70
+ Output = "Hello World"
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # Corrupted ciphertext
+ # Note: output is generated synthethically by the Bleichenbacher workaround
+ Decrypt = RSA-2048
+@@ -270,7 +270,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70
+ Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # Corrupted ciphertext
+ # Note: disable the Bleichenbacher workaround to see if it fails
+ Decrypt = RSA-2048
+@@ -296,13 +296,14 @@ Input = 0000000000000000000000000000000000000001
+ Result = KEYOP_ERROR
+
+ # RSADP Ciphertext = 2 should pass
++Availablein = default
+ Decrypt = RSA-2048
+ Ctrl = rsa_padding_mode:none
+ Input = 0000000000000000000000000000000000000002
+ Output = 93d0bae8ad0d94de400eb078dd10edd7418ef1bf11b8e8b5d2b86b142e77d603e108fbcca2b976aa7b5326e5369db3bb73bf74f8d47c36a6318e913888c873502a561fc69329e7c24a0a016d81310449a52b29e49a6a41bdfe6c10a8d90072d64b4486756fd007c0071da2a8c7107a904621c11f0d81aa80b655a713c28170594ece28133dfbfddd61d4e4dad0d6781f6145a351a994054993fd57cd1330966ce97d7ac259b15616fd7235e2cac29fdc1c05f1612c61785614b80e7b650c03ef77d64163d75fa637cc2a9a7e570b3176fdcfb6ad6d25e8515f6ced02cfb3a441c87220044110fd27dcb53888f0377e1797bf297b7da27d3f033cd8b5d60ececc
+
+ # RSADP Ciphertext = n-2 should pass
+-Availablein = fips
++Availablein = none
+ Decrypt = RSA-2048
+ Ctrl = rsa_padding_mode:none
+ Input = cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b015c769b99a77d6725bf9c3532a9b6e5f6627d5fb85160768d3dda9cbd35974511717dc3d309d2fc47ee41f97e32adb7f9dd864a1c4767a666ecd71bc1aacf5e7517f4b38594fea9b05e42d5ada9912008013e45316a4d9bb8ed086b88d28758bacaf922d46a868b485d239c9baeb0e2b64592710f42b2d1ea0a4b4802c0becab328f8a68b0073bdb546feea9809d2849912b390c1532bc7e29c7658f8175fae46f34332ff87bcab3e40649b98577869da0ea718353f0722754886913648760d122be676e0fc483dd20ffc31bda96a31966c9aa2e75ad03de47e1c44d
+@@ -317,6 +318,7 @@ Input = cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b0
+ Result = KEYOP_ERROR
+
+ # RSADP Ciphertext = n should fail
++Availablein = default
+ Decrypt = RSA-2048
+ Ctrl = rsa_padding_mode:none
+ Input = cd0081ea7b2ae1ea06d59f7c73d9ffb94a09615c2e4ba7c636cef08dd3533ec3185525b015c769b99a77d6725bf9c3532a9b6e5f6627d5fb85160768d3dda9cbd35974511717dc3d309d2fc47ee41f97e32adb7f9dd864a1c4767a666ecd71bc1aacf5e7517f4b38594fea9b05e42d5ada9912008013e45316a4d9bb8ed086b88d28758bacaf922d46a868b485d239c9baeb0e2b64592710f42b2d1ea0a4b4802c0becab328f8a68b0073bdb546feea9809d2849912b390c1532bc7e29c7658f8175fae46f34332ff87bcab3e40649b98577869da0ea718353f0722754886913648760d122be676e0fc483dd20ffc31bda96a31966c9aa2e75ad03de47e1c44f
+@@ -406,82 +408,90 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-PUBLIC
+ # RSA decrypt
+
+ # a random positive test case
++Availablein = default
+ Decrypt = RSA-2048-2
+ Input = 8bfe264e85d3bdeaa6b8851b8e3b956ee3d226fd3f69063a86880173a273d9f283b2eebdd1ed35f7e02d91c571981b6737d5320bd8396b0f3ad5b019daec1b0aab3cbbc026395f4fd14f13673f2dfc81f9b660ec26ac381e6db3299b4e460b43fab9955df2b3cfaa20e900e19c856238fd371899c2bf2ce8c868b76754e5db3b036533fd603746be13c10d4e3e6022ebc905d20c2a7f32b215a4cd53b3f44ca1c327d2c2b651145821c08396c89071f665349c25e44d2733cd9305985ceef6430c3cf57af5fa224089221218fa34737c79c446d28a94c41c96e4e92ac53fbcf384dea8419ea089f8784445a492c812eb0d409467f75afd7d4d1078886205a066
+ Output = "lorem ipsum dolor sit amet"
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # a random negative test case decrypting to empty
+ Decrypt = RSA-2048-2
+ Input = 20aaa8adbbc593a924ba1c5c7990b5c2242ae4b99d0fe636a19a4cf754edbcee774e472fe028160ed42634f8864900cb514006da642cae6ae8c7d087caebcfa6dad1551301e130344989a1d462d4164505f6393933450c67bc6d39d8f5160907cabc251b737925a1cf21e5c6aa5781b7769f6a2a583d97cce008c0f8b6add5f0b2bd80bee60237aa39bb20719fe75749f4bc4e42466ef5a861ae3a92395c7d858d430bfe38040f445ea93fa2958b503539800ffa5ce5f8cf51fa8171a91f36cb4f4575e8de6b4d3f096ee140b938fd2f50ee13f0d050222e2a72b0a3069ff3a6738e82c87090caa5aed4fcbe882c49646aa250b98f12f83c8d528113614a29e7
+ Output =
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # invalid decrypting to max length message
+ Decrypt = RSA-2048-2
+ Input = 48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303
+ Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
+ # invalid decrypting to message with length specified by second to last value from PRF
++Availablein = default
+ Decrypt = RSA-2048-2
+ Input = 1439e08c3f84c1a7fec74ce07614b20e01f6fa4e8c2a6cffdc3520d8889e5d9a950c6425798f85d4be38d300ea5695f13ecd4cb389d1ff5b82484b494d6280ab7fa78e645933981cb934cce8bfcd114cc0e6811eefa47aae20af638a1cd163d2d3366186d0a07df0c81f6c9f3171cf3561472e98a6006bf75ddb457bed036dcce199369de7d94ef2c68e8467ee0604eea2b3009479162a7891ba5c40cab17f49e1c438cb6eaea4f76ce23cce0e483ff0e96fa790ea15be67671814342d0a23f4a20262b6182e72f3a67cd289711503c85516a9ed225422f98b116f1ab080a80abd6f0216df88d8cfd67c139243be8dd78502a7aaf6bc99d7da71bcdf627e7354
+ Output = 0f9b
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # invalid decrypting to message with length specified by third to last value from PRF
+ Decrypt = RSA-2048-2
+ Input = 1690ebcceece2ce024f382e467cf8510e74514120937978576caf684d4a02ad569e8d76cbe365a060e00779de2f0865ccf0d923de3b4783a4e2c74f422e2f326086c390b658ba47f31ab013aa80f468c71256e5fa5679b24e83cd82c3d1e05e398208155de2212993cd2b8bab6987cf4cc1293f19909219439d74127545e9ed8a706961b8ee2119f6bfacafbef91b75a789ba65b8b833bc6149cf49b5c4d2c6359f62808659ba6541e1cd24bf7f7410486b5103f6c0ea29334ea6f4975b17387474fe920710ea61568d7b7c0a7916acf21665ad5a31c4eabcde44f8fb6120d8457afa1f3c85d517cda364af620113ae5a3c52a048821731922737307f77a1081
+ Output = 4f02
+
+ # positive test with 11 byte long value
++Availablein = default
+ Decrypt = RSA-2048-2
+ Input = 6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592
+ Output = "lorem ipsum"
+
+ # positive test with 11 byte long value and zero padded ciphertext
++Availablein = default
+ Decrypt = RSA-2048-2
+ Input = 00a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b
+ Output = "lorem ipsum"
+
+ # positive test with 11 byte long value and zero truncated ciphertext
++Availablein = default
+ Decrypt = RSA-2048-2
+ Input = a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b
+ Output = "lorem ipsum"
+
+ # positive test with 11 byte long value and double zero padded ciphertext
++Availablein = default
+ Decrypt = RSA-2048-2
+ Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc
+ Output = "lorem ipsum"
+
+ # positive test with 11 byte long value and double zero truncated ciphertext
++Availablein = default
+ Decrypt = RSA-2048-2
+ Input = 1f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc
+ Output = "lorem ipsum"
+
+ # positive that generates a 0 byte long synthetic message internally
++Availablein = default
+ Decrypt = RSA-2048-2
+ Input = b5e49308f6e9590014ffaffc5b8560755739dd501f1d4e9227a7d291408cf4b753f292322ff8bead613bf2caa181b221bc38caf6392deafb28eb21ad60930841ed02fd6225cc9c463409adbe7d8f32440212fbe3881c51375bb09565efb22e62b071472fb38676e5b4e23a0617db5d14d93519ac0007a30a9c822eb31c38b57fcb1be29608fcf1ca2abdcaf5d5752bbc2b5ac7dba5afcff4a5641da360dd01f7112539b1ed46cdb550a3b1006559b9fe1891030ec80f0727c42401ddd6cbb5e3c80f312df6ec89394c5a7118f573105e7ab00fe57833c126141b50a935224842addfb479f75160659ba28877b512bb9a93084ad8bec540f92640f63a11a010e0
+ Output = "lorem ipsum"
+
+ # positive that generates a 245 byte long synthetic message internally
++Availablein = default
+ Decrypt = RSA-2048-2
+ Input = 1ea0b50ca65203d0a09280d39704b24fe6e47800189db5033f202761a78bafb270c5e25abd1f7ecc6e7abc4f26d1b0cd9b8c648d529416ee64ccbdd7aa72a771d0353262b543f0e436076f40a1095f5c7dfd10dcf0059ccb30e92dfa5e0156618215f1c3ff3aa997a9d999e506924f5289e3ac72e5e2086cc7b499d71583ed561028671155db4005bee01800a7cdbdae781dd32199b8914b5d4011dd6ff11cd26d46aad54934d293b0bc403dd211bf13b5a5c6836a5e769930f437ffd8634fb7371776f4bc88fa6c271d8aa6013df89ae6470154497c4ac861be2a1c65ebffec139bf7aaba3a81c7c5cdd84da9af5d3edfb957848074686b5837ecbcb6a41c50
+ Output = "lorem ipsum"
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # a random negative test that generates an 11 byte long message
+ Decrypt = RSA-2048-2
+ Input = 5f02f4b1f46935c742ebe62b6f05aa0a3286aab91a49b34780adde6410ab46f7386e05748331864ac98e1da63686e4babe3a19ed40a7f5ceefb89179596aab07ab1015e03b8f825084dab028b6731288f2e511a4b314b6ea3997d2e8fe2825cef8897cbbdfb6c939d441d6e04948414bb69e682927ef8576c9a7090d4aad0e74c520d6d5ce63a154720f00b76de8cc550b1aa14f016d63a7b6d6eaa1f7dbe9e50200d3159b3d099c900116bf4eba3b94204f18b1317b07529751abf64a26b0a0bf1c8ce757333b3d673211b67cc0653f2fe2620d57c8b6ee574a0323a167eab1106d9bc7fd90d415be5f1e9891a0e6c709f4fc0404e8226f8477b4e939b36eb2
+ Output = af9ac70191c92413cb9f2d
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an otherwise correct plaintext, but with wrong first byte
+ # (0x01 instead of 0x00), generates a random 11 byte long plaintext
+ Decrypt = RSA-2048-2
+@@ -489,7 +499,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc
+ Output = a1f8c9255c35cfba403ccc
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an otherwise correct plaintext, but with wrong second byte
+ # (0x01 instead of 0x02), generates a random 11 byte long plaintext
+ Decrypt = RSA-2048-2
+@@ -497,7 +507,7 @@ Input = 782c2b59a21a511243820acedd567c136f6d3090c115232a82a5efb0b178285f55b5ec2d
+ Output = e6d700309ca0ed62452254
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an invalid ciphertext, with a zero byte in first byte of
+ # ciphertext, decrypts to a random 11 byte long synthetic
+ # plaintext
+@@ -506,7 +516,7 @@ Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2a
+ Output = ba27b1842e7c21c0e7ef6a
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an invalid ciphertext, with a zero byte removed from first byte of
+ # ciphertext, decrypts to a random 11 byte long synthetic
+ # plaintext
+@@ -515,7 +525,7 @@ Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3
+ Output = ba27b1842e7c21c0e7ef6a
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an invalid ciphertext, with two zero bytes in first bytes of
+ # ciphertext, decrypts to a random 11 byte long synthetic
+ # plaintext
+@@ -524,7 +534,7 @@ Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f
+ Output = d5cf555b1d6151029a429a
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an invalid ciphertext, with two zero bytes removed from first bytes of
+ # ciphertext, decrypts to a random 11 byte long synthetic
+ # plaintext
+@@ -533,7 +543,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c
+ Output = d5cf555b1d6151029a429a
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # and invalid ciphertext, otherwise valid but starting with 000002, decrypts
+ # to random 11 byte long synthetic plaintext
+ Decrypt = RSA-2048-2
+@@ -541,7 +551,7 @@ Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802
+ Output = 3d4a054d9358209e9cbbb9
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # negative test with otherwise valid padding but a zero byte in first byte
+ # of padding
+ Decrypt = RSA-2048-2
+@@ -549,7 +559,7 @@ Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a94
+ Output = 1f037dd717b07d3e7f7359
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # negative test with otherwise valid padding but a zero byte at the eighth
+ # byte of padding
+ Decrypt = RSA-2048-2
+@@ -557,7 +567,7 @@ Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a9646
+ Output = 63cb0bf65fc8255dd29e17
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # negative test with an otherwise valid plaintext but with missing separator
+ # byte
+ Decrypt = RSA-2048-2
+@@ -612,53 +622,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC
+ # RSA decrypt
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # malformed that generates length specified by 3rd last value from PRF
+ Decrypt = RSA-2049
+ Input = 00b26f6404b82649629f2704494282443776929122e279a9cf30b0c6fe8122a0a9042870d97cc8ef65490fe58f031eb2442352191f5fbc311026b5147d32df914599f38b825ebb824af0d63f2d541a245c5775d1c4b78630e4996cc5fe413d38455a776cf4edcc0aa7fccb31c584d60502ed2b77398f536e137ff7ba6430e9258e21c2db5b82f5380f566876110ac4c759178900fbad7ab70ea07b1daf7a1639cbb4196543a6cbe8271f35dddb8120304f6eef83059e1c5c5678710f904a6d760c4d1d8ad076be17904b9e69910040b47914a0176fb7eea0c06444a6c4b86d674d19a556a1de5490373cb01ce31bbd15a5633362d3d2cd7d4af1b4c5121288b894
+ Output = 42
+
+ # simple positive test case
++Availablein = default
+ Decrypt = RSA-2049
+ Input = 013300edbf0bb3571e59889f7ed76970bf6d57e1c89bbb6d1c3991d9df8e65ed54b556d928da7d768facb395bbcc81e9f8573b45cf8195dbd85d83a59281cddf4163aec11b53b4140053e3bd109f787a7c3cec31d535af1f50e0598d85d96d91ea01913d07097d25af99c67464ebf2bb396fb28a9233e56f31f7e105d71a23e9ef3b736d1e80e713d1691713df97334779552fc94b40dd733c7251bc522b673d3ec9354af3dd4ad44fa71c0662213a57ada1d75149697d0eb55c053aaed5ffd0b815832f454179519d3736fb4faf808416071db0d0f801aca8548311ee708c131f4be658b15f6b54256872c2903ac708bd43b017b073b5707bc84c2cd9da70e967
+ Output = "lorem ipsum"
+
+ # positive test case with null padded ciphertext
++Availablein = default
+ Decrypt = RSA-2049
+ Input = 0002aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162
+ Output = "lorem ipsum"
+
+ # positive test case with null truncated ciphertext
++Availablein = default
+ Decrypt = RSA-2049
+ Input = 02aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162
+ Output = "lorem ipsum"
+
+ # positive test case with double null padded ciphertext
++Availablein = default
+ Decrypt = RSA-2049
+ Input = 0000f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052
+ Output = "lorem ipsum"
+
+ # positive test case with double null truncated ciphertext
++Availablein = default
+ Decrypt = RSA-2049
+ Input = f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052
+ Output = "lorem ipsum"
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # a random negative test case that generates an 11 byte long message
+ Decrypt = RSA-2049
+ Input = 00f910200830fc8fff478e99e145f1474b312e2512d0f90b8cef77f8001d09861688c156d1cbaf8a8957f7ebf35f724466952d0524cad48aad4fba1e45ce8ea27e8f3ba44131b7831b62d60c0762661f4c1d1a88cd06263a259abf1ba9e6b0b172069afb86a7e88387726f8ab3adb30bfd6b3f6be6d85d5dfd044e7ef052395474a9cbb1c3667a92780b43a22693015af6c513041bdaf87d43b24ddd244e791eeaea1066e1f4917117b3a468e22e0f7358852bb981248de4d720add2d15dccba6280355935b67c96f9dcb6c419cc38ab9f6fba2d649ef2066e0c34c9f788ae49babd9025fa85b21113e56ce4f43aa134c512b030dd7ac7ce82e76f0be9ce09ebca
+ Output = 1189b6f5498fd6df532b00
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00)
+ Decrypt = RSA-2049
+ Input = 002c9ddc36ba4cf0038692b2d3a1c61a4bb3786a97ce2e46a3ba74d03158aeef456ce0f4db04dda3fe062268a1711250a18c69778a6280d88e133a16254e1f0e30ce8dac9b57d2e39a2f7d7be3ee4e08aec2fdbe8dadad7fdbf442a29a8fb40857407bf6be35596b8eefb5c2b3f58b894452c2dc54a6123a1a38d642e23751746597e08d71ac92704adc17803b19e131b4d1927881f43b0200e6f95658f559f912c889b4cd51862784364896cd6e8618f485a992f82997ad6a0917e32ae5872eaf850092b2d6c782ad35f487b79682333c1750c685d7d32ab3e1538f31dcaa5e7d5d2825875242c83947308dcf63ba4bfff20334c9c140c837dbdbae7a8dee72ff
+ Output = f6d0f5b78082fe61c04674
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02)
+ Decrypt = RSA-2049
+ Input = 00c5d77826c1ab7a34d6390f9d342d5dbe848942e2618287952ba0350d7de6726112e9cebc391a0fae1839e2bf168229e3e0d71d4161801509f1f28f6e1487ca52df05c466b6b0a6fbbe57a3268a970610ec0beac39ec0fa67babce1ef2a86bf77466dc127d7d0d2962c20e66593126f276863cd38dc6351428f884c1384f67cad0a0ffdbc2af16711fb68dc559b96b37b4f04cd133ffc7d79c43c42ca4948fa895b9daeb853150c8a5169849b730cc77d68b0217d6c0e3dbf38d751a1998186633418367e7576530566c23d6d4e0da9b038d0bb5169ce40133ea076472d055001f0135645940fd08ea44269af2604c8b1ba225053d6db9ab43577689401bdc0f3
+@@ -722,14 +737,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE=
+ PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # a random invalid ciphertext that generates an empty synthetic one
+ Decrypt = RSA-3072
+ Input = 5e956cd9652f4a2ece902931013e09662b6a9257ad1e987fb75f73a0606df2a4b04789770820c2e02322c4e826f767bd895734a01e20609c3be4517a7a2a589ea1cdc137beb73eb38dac781b52e863de9620f79f9b90fd5b953651fcbfef4a9f1cc07421d511a87dd6942caab6a5a0f4df473e62defb529a7de1509ab99c596e1dff1320402298d8be73a896cc86c38ae3f2f576e9ea70cc28ad575cb0f854f0be43186baa9c18e29c47c6ca77135db79c811231b7c1730955887d321fdc06568382b86643cf089b10e35ab23e827d2e5aa7b4e99ff2e914f302351819eb4d1693243b35f8bf1d42d08f8ec4acafa35f747a4a975a28643ec630d8e4fa5be59d81995660a14bb64c1fea5146d6b11f92da6a3956dd5cb5e0d747cf2ea23f81617769185336263d46ef4c144b754de62a6337342d6c85a95f19f015724546ee3fc4823eca603dbc1dc01c2d5ed50bd72d8e96df2dc048edde0081284068283fc5e73a6139851abf2f29977d0b3d160c883a42a37efba1be05c1a0b1741d7ddf59
+ Output =
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # a random invalid that has PRF output with a length one byte too long
+ # in the last value
+ Decrypt = RSA-3072
+@@ -737,46 +752,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d856da9abd11e92334d0e5f71005cfed865a711dfa
+ Output = 56a3bea054e01338be9b7d7957539c
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # a random invalid that generates a synthetic of maximum size
+ Decrypt = RSA-3072
+ Input = 1715065322522dff85049800f6a29ab5f98c465020467414b2a44127fe9446da47fa18047900f99afe67c2df6f50160bb8e90bff296610fde632b3859d4d0d2e644f23835028c46cca01b84b88231d7e03154edec6627bcba23de76740d839851fa12d74c8f92e540c73fe837b91b7d699b311997d5f0f7864c486d499c3a79c111faaacbe4799597a25066c6200215c3d158f3817c1aa57f18bdaad0be1658da9da93f5cc6c3c4dd72788af57adbb6a0c26f42d32d95b8a4f95e8c6feb2f8a5d53b19a50a0b7cbc25e055ad03e5ace8f3f7db13e57759f67b65d143f08cca15992c6b2aae643390483de111c2988d4e76b42596266005103c8de6044fb7398eb3c28a864fa672de5fd8774510ff45e05969a11a4c7d3f343e331190d2dcf24fb9154ba904dc94af98afc5774a9617d0418fe6d13f8245c7d7626c176138dd698a23547c25f27c2b98ea4d8a45c7842b81888e4cc14e5b72e9cf91f56956c93dbf2e5f44a8282a7813157fc481ff1371a0f66b31797e81ebdb09a673d4db96d6
+ Output = 7b036fcd6243900e4236c894e2462c17738acc87e01a76f4d95cb9a328d9acde81650283b8e8f60a217e3bdee835c7b222ad4c85d0acdb9a309bd2a754609a65dec50f3aa04c6d5891034566b9563d42668ede1f8992b17753a2132e28970584e255efc8b45a41c5dbd7567f014acec5fe6fdb6d484790360a913ebb9defcd74ff377f2a8ba46d2ed85f733c9a3da08eb57ecedfafda806778f03c66b2c5d2874cec1c291b2d49eb194c7b5d0dd2908ae90f4843268a2c45563092ade08acb6ab481a08176102fc803fbb2f8ad11b0e1531bd37df543498daf180b12017f4d4d426ca29b4161075534bfb914968088a9d13785d0adc0e2580d3548494b2a9e91605f2b27e6cc701c796f0de7c6f471f6ab6cb9272a1ed637ca32a60d117505d82af3c1336104afb537d01a8f70b510e1eebf4869cb976c419473795a66c7f5e6e20a8094b1bb603a74330c537c5c0698c31538bd2e138c1275a1bdf24c5fa8ab3b7b526324e7918a382d1363b3d463764222150e04
+
+ # a positive test case that decrypts to 9 byte long value
++Availablein = default
+ Decrypt = RSA-3072
+ Input = 6c60845a854b4571f678941ae35a2ac03f67c21e21146f9db1f2306be9f136453b86ad55647d4f7b5c9e62197aaff0c0e40a3b54c4cde14e774b1c5959b6c2a2302896ffae1f73b00b862a20ff4304fe06cea7ff30ecb3773ca9af27a0b54547350d7c07dfb0a39629c7e71e83fc5af9b2adbaf898e037f1de696a3f328cf45af7ec9aff7173854087fb8fbf34be981efbd8493f9438d1b2ba2a86af082662aa46ae9adfbec51e5f3d9550a4dd1dcb7c8969c9587a6edc82a8cabbc785c40d9fbd12064559fb769450ac3e47e87bc046148130d7eaa843e4b3ccef3675d0630500803cb7ffee3882378c1a404e850c3e20707bb745e42b13c18786c4976076ed9fa8fd0ff15e571bef02cbbe2f90c908ac3734a433b73e778d4d17fcc28f49185ebc6e8536a06d293202d94496453bfdf1c2c7833a3f99fa38ca8a81f42eaa529d603b890308a319c0ab63a35ff8ebac965f6278f5a7e5d622be5d5fe55f0ca3ec993d55430d2bf59c5d3e860e90c16d91a04596f6fdf60d89ed95d88c036dde
+ Output = "forty two"
+
+ # a positive test case with null padded ciphertext
++Availablein = default
+ Decrypt = RSA-3072
+ Input = 00f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727
+ Output = "forty two"
+
+ # a positive test case with null truncated ciphertext
++Availablein = default
+ Decrypt = RSA-3072
+ Input = f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727
+ Output = "forty two"
+
+ # a positive test case with double null padded ciphertext
++Availablein = default
+ Decrypt = RSA-3072
+ Input = 00001ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0
+ Output = "forty two"
+
+ # a positive test case with double null truncated ciphertext
++Availablein = default
+ Decrypt = RSA-3072
+ Input = 1ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0
+ Output = "forty two"
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # a random negative test case that generates a 9 byte long message
+ Decrypt = RSA-3072
+ Input = 5c8555f5cef627c15d37f85c7f5fd6e499264ea4b8e3f9112023aeb722eb38d8eac2be3751fd5a3785ab7f2d59fa3728e5be8c3de78a67464e30b21ee23b5484bb3cd06d0e1c6ad25649c8518165653eb80488bfb491b20c04897a6772f69292222fc5ef50b5cf9efc6d60426a449b6c489569d48c83488df629d695653d409ce49a795447fcec2c58a1a672e4a391401d428baaf781516e11e323d302fcf20f6eab2b2dbe53a48c987e407c4d7e1cb41131329138313d330204173a4f3ff06c6fadf970f0ed1005d0b27e35c3d11693e0429e272d583e57b2c58d24315c397856b34485dcb077665592b747f889d34febf2be8fce66c265fd9fc3575a6286a5ce88b4b413a08efc57a07a8f57a999605a837b0542695c0d189e678b53662ecf7c3d37d9dbeea585eebfaf79141118e06762c2381fe27ca6288edddc19fd67cd64f16b46e06d8a59ac530f22cd83cc0bc4e37feb52015cbb2283043ccf5e78a4eb7146827d7a466b66c8a4a4826c1bad68123a7f2d00fc1736525ff90c058f56
+ Output = 257906ca6de8307728
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # a random negative test case that generates a 9 byte long message based on
+ # second to last value from PRF
+ Decrypt = RSA-3072
+@@ -784,7 +804,7 @@ Input = 758c215aa6acd61248062b88284bf43c13cb3b3d02410be4238607442f1c0216706e21a0
+ Output = 043383c929060374ed
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # a random negative test that generates message based on 3rd last value from
+ # PRF
+ Decrypt = RSA-3072
+@@ -792,35 +812,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4b0fd15cdf3134a1895d235d56f8d8fe619f2bf48
+ Output = 70263fa6050534b9e0
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00)
+ Decrypt = RSA-3072
+ Input = 6db80adb5ff0a768caf1378ecc382a694e7d1bde2eff4ba12c48aaf794ded7a994a5b2b57acec20dbec4ae385c9dd531945c0f197a5496908725fc99d88601a17d3bb0b2d38d2c1c3100f39955a4cb3dbed5a38bf900f23d91e173640e4ec655c84fdfe71fcdb12a386108fcf718c9b7af37d39703e882436224c877a2235e8344fba6c951eb7e2a4d1d1de81fb463ac1b880f6cc0e59ade05c8ce35179ecd09546731fc07b141d3d6b342a97ae747e61a9130f72d37ac5a2c30215b6cbd66c7db893810df58b4c457b4b54f34428247d584e0fa71062446210db08254fb9ead1ba1a393c724bd291f0cf1a7143f32df849051dc896d7d176fef3b57ab6dffd626d0c3044e9edb2e3d012ace202d2581df01bec7e9aa0727a6650dd373d374f0bc0f4a611f8139dfe97d63e70c6188f4df5b672e47c51d8aa567097293fbff127c75ec690b43407578b73c85451710a0cece58fd497d7f7bd36a8a92783ef7dc6265dff52aac8b70340b996508d39217f2783ce6fc91a1cc94bb2ac487b84f62
+ Output = 6d8d3a094ff3afff4c
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02)
+ Decrypt = RSA-3072
+ Input = 417328c034458563079a4024817d0150340c34e25ae16dcad690623f702e5c748a6ebb3419ff48f486f83ba9df35c05efbd7f40613f0fc996c53706c30df6bba6dcd4a40825f96133f3c21638a342bd4663dffbd0073980dac47f8c1dd8e97ce1412e4f91f2a8adb1ac2b1071066efe8d718bbb88ca4a59bd61500e826f2365255a409bece0f972df97c3a55e09289ef5fa815a2353ef393fd1aecfc888d611c16aec532e5148be15ef1bf2834b8f75bb26db08b66d2baad6464f8439d1986b533813321dbb180080910f233bcc4dd784fb21871aef41be08b7bfad4ecc3b68f228cb5317ac6ec1227bc7d0e452037ba918ee1da9fdb8393ae93b1e937a8d4691a17871d5092d2384b6190a53df888f65b951b05ed4ad57fe4b0c6a47b5b22f32a7f23c1a234c9feb5d8713d949686760680da4db454f4acad972470033472b9864d63e8d23eefc87ebcf464ecf33f67fbcdd48eab38c5292586b36aef5981ed2fa07b2f9e23fc57d9eb71bfff4111c857e9fff23ceb31e72592e70c874b4936
+ Output = c6ae80ffa80bc184b0
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an otherwise valid plaintext, but with zero byte in first byte of padding
+ Decrypt = RSA-3072
+ Input = 8542c626fe533467acffcd4e617692244c9b5a3bf0a215c5d64891ced4bf4f9591b4b2aedff9843057986d81631b0acb3704ec2180e5696e8bd15b217a0ec36d2061b0e2182faa3d1c59bd3f9086a10077a3337a3f5da503ec3753535ffd25b837a12f2541afefd0cffb0224b8f874e4bed13949e105c075ed44e287c5ae03b155e06b90ed247d2c07f1ef3323e3508cce4e4074606c54172ad74d12f8c3a47f654ad671104bf7681e5b061862747d9afd37e07d8e0e2291e01f14a95a1bb4cbb47c304ef067595a3947ee2d722067e38a0f046f43ec29cac6a8801c6e3e9a2331b1d45a7aa2c6af3205be382dd026e389614ee095665a611ab2e8dced2ee1c9d08ac9de11aef5b3803fc9a9ce8231ec87b5fed386fb92ee3db995a89307bcba844bd0a691c29ae51216e949dfc813133cb06a07265fd807bcb3377f6adb0a481d9b7f442003115895939773e6b95371c4febef29edae946fa245e7c50729e2e558cfaad773d1fd5f67b457a6d9d17a847c6fcbdb103a86f35f228cefc06cea0
+ Output = a8a9301daa01bb25c7
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an otherwise valid plaintext, but with zero byte in eight byte of padding
+ Decrypt = RSA-3072
+ Input = 449dfa237a70a99cb0351793ec8677882021c2aa743580bf6a0ea672055cffe8303ac42855b1d1f3373aae6af09cb9074180fc963e9d1478a4f98b3b4861d3e7f0aa8560cf603711f139db77667ca14ba3a1acdedfca9ef4603d6d7eb0645bfc805304f9ad9d77d34762ce5cd84bd3ec9d35c30e3be72a1e8d355d5674a141b5530659ad64ebb6082e6f73a80832ab6388912538914654d34602f4b3b1c78589b4a5d964b2efcca1dc7004c41f6cafcb5a7159a7fc7c0398604d0edbd4c8f4f04067da6a153a05e7cbeea13b5ee412400ef7d4f3106f4798da707ec37a11286df2b7a204856d5ff773613fd1e453a7114b78e347d3e8078e1cb3276b3562486ba630bf719697e0073a123c3e60ebb5c7a1ccff4279faffa2402bc1109f8d559d6766e73591943dfcf25ba10c3762f02af85187799b8b4b135c3990793a6fd32642f1557405ba55cc7cf7336a0e967073c5fa50743f9cc5e3017c172d9898d2af83345e71b3e0c22ab791eacb6484a32ec60ebc226ec9deaee91b1a0560c2b571
+ Output = 6c716fe01d44398018
+
+ # The old FIPS provider doesn't include the workaround (#13817)
+-FIPSversion = >=3.2.0
++Availablein = default
+ # an otherwise valid plaintext, but with null separator missing
+ Decrypt = RSA-3072
+ Input = a7a5c99e50da48769ecb779d9abe86ef9ec8c38c6f43f17c7f2d7af608a4a1bd6cf695b47e97c191c61fb5a27318d02f495a176b9fae5a55b5d3fabd1d8aae4957e3879cb0c60f037724e11be5f30f08fc51c033731f14b44b414d11278cd3dba7e1c8bfe208d2b2bb7ec36366dacb6c88b24cd79ab394adf19dbbc21dfa5788bacbadc6a62f79cf54fd8cf585c615b5c0eb94c35aa9de25321c8ffefb8916bbaa2697cb2dd82ee98939df9b6704cee77793edd2b4947d82e00e5749664970736c59a84197bd72b5c71e36aae29cd39af6ac73a368edbc1ca792e1309f442aafcd77c992c88f8e4863149f221695cb7b0236e75b2339a02c4ea114854372c306b9412d8eedb600a31532002f2cea07b4df963a093185e4607732e46d753b540974fb5a5c3f9432df22e85bb17611370966c5522fd23f2ad3484341ba7fd8885fc8e6d379a611d13a2aca784fba2073208faad2137bf1979a0fa146c1880d4337db3274269493bab44a1bcd0681f7227ffdf589c2e925ed9d36302509d1109ba4
+@@ -912,9 +932,9 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD
+
+ # Verify of above signature
+ Verify = RSA-2048-PUBLIC
++Ctrl = digest:sha256
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_pss_saltlen:0
+-Ctrl = digest:sha256
+ Input="0123456789ABCDEF0123456789ABCDEF"
+ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+
+@@ -1207,36 +1227,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2
+ h90qjKHS9PvY4Q==
+ -----END PRIVATE KEY-----
+
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a
+ Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
+
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44
+ Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
+
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb
+ Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
+
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755
+ Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
+
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439
+ Output=8da89fd9e5f974a29feffb462b49180f6cf9e802
+
++Availablein = default
+ Decrypt=RSA-OAEP-1
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1261,36 +1287,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8
+ eG2e4XlBcKjI6A==
+ -----END PRIVATE KEY-----
+
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e
+ Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7
+
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245
+ Output=2d
+
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053
+ Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e
+
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641
+ Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a
+
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec
+ Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c
+
++Availablein = default
+ Decrypt=RSA-OAEP-2
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1315,36 +1347,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z
+ Ya4qnqZe1onjY5o=
+ -----END PRIVATE KEY-----
+
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80
+ Output=087820b569e8fa8d
+
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5
+ Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
+
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a
+ Output=d94cd0e08fa404ed89
+
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0
+ Output=6cc641b6b61e6f963974dad23a9013284ef1
+
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60
+ Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223
+
++Availablein = default
+ Decrypt=RSA-OAEP-3
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1369,36 +1407,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq
+ aD0x7TDrmEvkEro=
+ -----END PRIVATE KEY-----
+
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8
+ Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2
+
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e
+ Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8
+
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065
+ Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99
+
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4
+ Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e
+
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2
+ Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284
+
++Availablein = default
+ Decrypt=RSA-OAEP-4
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1423,36 +1467,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B
+ MSwGUGLx60i3nRyDyw==
+ -----END PRIVATE KEY-----
+
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5
+ Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8
+
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad
+ Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399
+
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967
+ Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7
+
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf
+ Output=15c5b9ee1185
+
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723
+ Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a
+
++Availablein = default
+ Decrypt=RSA-OAEP-5
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1477,36 +1527,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC
+ Yejn5Ly8mU2q+jBcRQ==
+ -----END PRIVATE KEY-----
+
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3
+ Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4
+
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f
+ Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7
+
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65
+ Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c
+
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8
+ Output=684e3038c5c041f7
+
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab
+ Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693
+
++Availablein = default
+ Decrypt=RSA-OAEP-6
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1531,36 +1587,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS
+ FMlxv0gq65dqc3DC
+ -----END PRIVATE KEY-----
+
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1
+ Output=47aae909
+
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6
+ Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7
+
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b
+ Output=d976fc
+
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac
+ Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb
+
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478
+ Output=bb47231ca5ea1d3ad46c99345d9a8a61
+
++Availablein = default
+ Decrypt=RSA-OAEP-7
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1585,36 +1647,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM
+ 2MiPa249Z+lh3Luj0A==
+ -----END PRIVATE KEY-----
+
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61
+ Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967
+
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d
+ Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc
+
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f
+ Output=8604ac56328c1ab5ad917861
+
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0
+ Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc
+
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2
+ Output=4a5f4914bee25de3c69341de07
+
++Availablein = default
+ Decrypt=RSA-OAEP-8
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1645,36 +1713,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo
+ tKo5Eb69iFQvBb4=
+ -----END PRIVATE KEY-----
+
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72
+ Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6
+
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8
+ Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659
+
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3
+ Output=fd326429df9b890e09b54b18b8f34f1e24
+
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858
+ Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e
+
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+ Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e
+ Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d
+
++Availablein = default
+ Decrypt=RSA-OAEP-9
+ Ctrl = rsa_padding_mode:oaep
+ Ctrl = rsa_mgf1_md:sha1
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index 361dd34512..f3f9eac1f3 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -247,7 +247,7 @@ my @smime_pkcs7_tests = (
+
+ if ($no_fips || $old_fips) {
+ push(@smime_pkcs7_tests,
+- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
++ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
+ "-aes256", "-stream", "-out", "{output}.cms",
+ $smrsa1,
+@@ -1264,6 +1264,9 @@ sub check_availability {
+ return "$tnam: skipped, DSA disabled\n"
+ if ($no_dsa && $tnam =~ / DSA/);
+
++ return "$tnam: skipped, Red Hat FIPS\n"
++ if ($tnam =~ /no Red Hat FIPS/);
++
+ return "";
+ }
+
+diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
+old mode 100644
+new mode 100755
+index f7be2e1872..568a1ddba4
+--- a/test/recipes/80-test_ssl_old.t
++++ b/test/recipes/80-test_ssl_old.t
+@@ -561,6 +561,18 @@ sub testssl {
+ # the default choice if TLSv1.3 enabled
+ my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
+ my $ciphersuites = "";
++ my %redhat_skip_cipher = map {$_ => 1} qw(
++AES256-GCM-SHA384:@SECLEVEL=0
++AES256-CCM8:@SECLEVEL=0
++AES256-CCM:@SECLEVEL=0
++AES128-GCM-SHA256:@SECLEVEL=0
++AES128-CCM8:@SECLEVEL=0
++AES128-CCM:@SECLEVEL=0
++AES256-SHA256:@SECLEVEL=0
++AES128-SHA256:@SECLEVEL=0
++AES256-SHA:@SECLEVEL=0
++AES128-SHA:@SECLEVEL=0
++ );
+ foreach my $cipher (@{$ciphersuites{$protocol}}) {
+ if ($dsaallow == '0' && index($cipher, "DSS") != -1) {
+ # DSA is not allowed in FIPS 140-3
+@@ -576,11 +588,16 @@ sub testssl {
+ } else {
+ $cipher = $cipher.':@SECLEVEL=0';
+ }
+- ok(run(test([@ssltest, @exkeys, "-cipher",
+- $cipher,
+- "-ciphersuites", $ciphersuites,
+- $flag || ()])),
+- "Testing $cipher");
++ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
++ note "*****SKIPPING $cipher in Red Hat FIPS mode";
++ ok(1);
++ } else {
++ ok(run(test([@ssltest, @exkeys, "-cipher",
++ $cipher,
++ "-ciphersuites", $ciphersuites,
++ $flag || ()])),
++ "Testing $cipher");
++ }
+ }
+ }
+ next if $protocol eq "-tls1_3";
+--
+2.48.1
+
diff --git a/0025-for-tests.patch b/0025-for-tests.patch
deleted file mode 100644
index 0e0146c..0000000
--- a/0025-for-tests.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff -up openssl-3.0.0/apps/openssl.cnf.xxx openssl-3.0.0/apps/openssl.cnf
---- openssl-3.0.0/apps/openssl.cnf.xxx 2021-11-23 16:29:50.618691603 +0100
-+++ openssl-3.0.0/apps/openssl.cnf 2021-11-23 16:28:16.872882099 +0100
-@@ -55,17 +55,17 @@ providers = provider_sect
- # to side-channel attacks and as such have been deprecated.
-
- [provider_sect]
--default = default_sect
-+##default = default_sect
- ##legacy = legacy_sect
- ##
--[default_sect]
--activate = 1
-+##[default_sect]
-+##activate = 1
-
- ##[legacy_sect]
- ##activate = 1
-
--#Place the third party provider configuration files into this folder
--.include /etc/pki/tls/openssl.d
-+##Place the third party provider configuration files into this folder
-+#.include /etc/pki/tls/openssl.d
-
-
-####################################################################
diff --git a/0026-FIPS-Deny-SHA-1-signature-verification.patch b/0026-FIPS-Deny-SHA-1-signature-verification.patch
new file mode 100644
index 0000000..3232ac2
--- /dev/null
+++ b/0026-FIPS-Deny-SHA-1-signature-verification.patch
@@ -0,0 +1,565 @@
+From de8ce2cfc9754a494a133c24b16e30501b52c299 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:15 +0100
+Subject: [PATCH 26/49] FIPS: Deny SHA-1 signature verification
+
+For RHEL, we already disable SHA-1 signatures by default in the default
+provider, so it is unexpected that the FIPS provider would have a more
+lenient configuration in this regard. Additionally, we do not think
+continuing to accept SHA-1 signatures is a good idea due to the
+published chosen-prefix collision attacks.
+
+As a consequence, disable verification of SHA-1 signatures in the FIPS
+provider.
+
+This requires adjusting a few tests that would otherwise fail:
+- 30-test_acvp: Remove the test vectors that use SHA-1.
+- 30-test_evp: Mark tests in evppkey_rsa_common.txt and
+ evppkey_ecdsa.txt that use SHA-1 digests as "Availablein = default",
+ which will not run them when the FIPS provider is enabled.
+- 80-test_cms: Re-create all certificates in test/smime-certificates
+ with SHA256 signatures while keeping the same private keys. These
+ certificates were signed with SHA-1 and thus fail verification in the
+ FIPS provider.
+ Fix some other tests by explicitly running them in the default
+ provider, where SHA-1 is available.
+- 80-test_ssl_old: Skip tests that rely on SSLv3 and SHA-1 when run with
+ the FIPS provider.
+
+Signed-off-by: Clemens Lang <cllang@redhat.com>
+
+Bug Id: https://bugzilla.redhat.com/show_bug.cgi?id=2087147
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ providers/implementations/signature/dsa_sig.c | 4 +-
+ .../implementations/signature/ecdsa_sig.c | 4 +-
+ providers/implementations/signature/rsa_sig.c | 8 +--
+ test/acvp_test.inc | 11 ----
+ .../30-test_evp_data/evppkey_ecdsa.txt | 7 +++
+ .../30-test_evp_data/evppkey_rsa_common.txt | 54 +++++++++++++++++--
+ test/recipes/80-test_cms.t | 4 +-
+ test/recipes/80-test_ssl_old.t | 4 ++
+ 8 files changed, 70 insertions(+), 26 deletions(-)
+
+diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
+index 3b976b68bf..672abb5fec 100644
+--- a/providers/implementations/signature/dsa_sig.c
++++ b/providers/implementations/signature/dsa_sig.c
+@@ -184,9 +184,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
+ }
+ #ifdef FIPS_MODULE
+ {
+- int sha1_allowed
+- = ((ctx->operation
+- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0);
++ int sha1_allowed = 0;
+
+ if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
+ OSSL_FIPS_IND_SETTABLE1,
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index a3d2766449..8f8258d405 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -211,9 +211,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
+
+ #ifdef FIPS_MODULE
+ {
+- int sha1_allowed
+- = ((ctx->operation
+- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0);
++ int sha1_allowed = 0;
+
+ if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
+ OSSL_FIPS_IND_SETTABLE1,
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index 6d28ad0c3d..810d794fc5 100644
+--- a/providers/implementations/signature/rsa_sig.c
++++ b/providers/implementations/signature/rsa_sig.c
+@@ -407,9 +407,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
+ }
+ #ifdef FIPS_MODULE
+ {
+- int sha1_allowed
+- = ((ctx->operation
+- & (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_SIGNMSG)) == 0);
++ int sha1_allowed = 0;
+
+ if (!ossl_fips_ind_digest_sign_check(OSSL_FIPS_IND_GET(ctx),
+ OSSL_FIPS_IND_SETTABLE1,
+@@ -1770,7 +1768,11 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
+
+ if (prsactx->md == NULL && pmdname == NULL
+ && pad_mode == RSA_PKCS1_PSS_PADDING)
++#ifdef FIPS_MODULE
++ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
++#else
+ pmdname = RSA_DEFAULT_DIGEST_NAME;
++#endif
+
+ #ifndef FIPS_MODULE
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
+diff --git a/test/acvp_test.inc b/test/acvp_test.inc
+index 97ec1ff3e5..29317b47a4 100644
+--- a/test/acvp_test.inc
++++ b/test/acvp_test.inc
+@@ -1991,17 +1991,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = {
+ NO_PSS_SALT_LEN,
+ FAIL
+ },
+- {
+- "x931",
+- 3072,
+- "SHA1",
+- ITM(rsa_sigverx931_0_msg),
+- ITM(rsa_sigverx931_0_n),
+- ITM(rsa_sigverx931_0_e),
+- ITM(rsa_sigverx931_0_sig),
+- NO_PSS_SALT_LEN,
+- PASS
+- },
+ {
+ "x931",
+ 3072,
+diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+index 06ec905be0..b9db928e0d 100644
+--- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
++++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
+@@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC
+
+ Title = ECDSA tests
+
++Availablein = default
+ Verify = P-256-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
+
+ # Digest too long
++Availablein = default
+ Verify = P-256-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF12345"
+@@ -50,6 +52,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e
+ Result = VERIFY_ERROR
+
+ # Digest too short
++Availablein = default
+ Verify = P-256-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF123"
+@@ -57,6 +60,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e
+ Result = VERIFY_ERROR
+
+ # Digest invalid
++Availablein = default
+ Verify = P-256-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1235"
+@@ -64,6 +68,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e
+ Result = VERIFY_ERROR
+
+ # Invalid signature
++Availablein = default
+ Verify = P-256-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+@@ -79,12 +84,14 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e
+ Result = VERIFY_ERROR
+
+ # BER signature
++Availablein = default
+ Verify = P-256-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+ Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
+ Result = VERIFY_ERROR
+
++Availablein = default
+ Verify = P-256-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+index 17ceb59148..eca6b5e517 100644
+--- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
++++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
+@@ -96,6 +96,7 @@ NDL6WCBbets=
+
+ Title = RSA tests
+
++Availablein = default
+ Verify = RSA-2048
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+@@ -112,24 +113,28 @@ Ctrl = digest:SHA512-224
+ Input = "0123456789ABCDEF123456789ABC"
+ Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17
+
++Availablein = default
+ VerifyRecover = RSA-2048
+ Ctrl = digest:SHA1
+ Input = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
+ Output = "0123456789ABCDEF1234"
+
+ # Leading zero in the signature
++Availablein = default
+ Verify = RSA-2048
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+ Output = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
+ Result = VERIFY_ERROR
+
++Availablein = default
+ VerifyRecover = RSA-2048
+ Ctrl = digest:SHA1
+ Input = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
+ Result = KEYOP_ERROR
+
+ # Mismatched digest
++Availablein = default
+ Verify = RSA-2048
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1233"
+@@ -137,6 +142,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2
+ Result = VERIFY_ERROR
+
+ # Corrupted signature
++Availablein = default
+ Verify = RSA-2048
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1233"
+@@ -144,6 +150,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2
+ Result = VERIFY_ERROR
+
+ # parameter is not NULLt
++Availablein = default
+ Verify = RSA-2048
+ Ctrl = digest:sha1
+ Input = "0123456789ABCDEF1234"
+@@ -151,42 +158,49 @@ Output = 3ec3fc29eb6e122bd7aa361cd09fe1bcbe85311096a7b9e4799cedfb2351ce0ab7fe4e7
+ Result = VERIFY_ERROR
+
+ # embedded digest too long
++Availablein = default
+ Verify = RSA-2048
+ Ctrl = digest:sha1
+ Input = "0123456789ABCDEF1234"
+ Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
+ Result = VERIFY_ERROR
+
++Availablein = default
+ VerifyRecover = RSA-2048
+ Ctrl = digest:sha1
+ Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
+ Result = KEYOP_ERROR
+
+ # embedded digest too short
++Availablein = default
+ Verify = RSA-2048
+ Ctrl = digest:sha1
+ Input = "0123456789ABCDEF1234"
+ Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
+ Result = VERIFY_ERROR
+
++Availablein = default
+ VerifyRecover = RSA-2048
+ Ctrl = digest:sha1
+ Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
+ Result = KEYOP_ERROR
+
+ # Garbage after DigestInfo
++Availablein = default
+ Verify = RSA-2048
+ Ctrl = digest:sha1
+ Input = "0123456789ABCDEF1234"
+ Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274
+ Result = VERIFY_ERROR
+
++Availablein = default
+ VerifyRecover = RSA-2048
+ Ctrl = digest:sha1
+ Input = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274
+ Result = KEYOP_ERROR
+
+ # invalid tag for parameter
++Availablein = default
+ Verify = RSA-2048
+ Ctrl = digest:sha1
+ Input = "0123456789ABCDEF1234"
+@@ -195,6 +209,7 @@ Result = VERIFY_ERROR
+
+ # Verify using public key
+
++Availablein = default
+ Verify = RSA-2048-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+@@ -939,7 +954,8 @@ Input="0123456789ABCDEF0123456789ABCDEF"
+ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+
+ # Verify using salt length auto detect
+-FIPSversion = <3.4.0
++# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256
++Availablein = default
+ Verify = RSA-2048-PUBLIC
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_pss_saltlen:auto
+@@ -974,6 +990,10 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD
+ Result = VERIFY_ERROR
+
+ # Verify using default parameters, explicitly setting parameters
++# NOTE: RSA-PSS-DEFAULT contains a restriction to use SHA1 as digest, which
++# RHEL-9 does not support in FIPS mode; all these tests are thus marked
++# Availablein = default.
++Availablein = default
+ Verify = RSA-PSS-DEFAULT
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_pss_saltlen:20
+@@ -982,6 +1002,7 @@ Input="0123456789ABCDEF0123"
+ Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF
+
+ # Verify explicitly setting parameters "digest" salt length
++Availablein = default
+ Verify = RSA-PSS-DEFAULT
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_pss_saltlen:digest
+@@ -990,20 +1011,21 @@ Input="0123456789ABCDEF0123"
+ Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF
+
+ # Verify using salt length larger than minimum
+-FIPSversion = <3.4.0
++Availablein = default
+ Verify = RSA-PSS-DEFAULT
+ Ctrl = rsa_pss_saltlen:30
+ Input="0123456789ABCDEF0123"
+ Output = 6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B
+
+ # Verify using maximum salt length
+-FIPSversion = <3.4.0
++Availablein = default
+ Verify = RSA-PSS-DEFAULT
+ Ctrl = rsa_pss_saltlen:max
+ Input="0123456789ABCDEF0123"
+ Output = 4470DCFE812DEE2E58E4301D4ED274AB348FE040B724B2CD1D8CD0914BFF375F0B86FCB32BFA8AEA9BD22BD7C4F1ADD4F3D215A5CFCC99055BAFECFC23800E9BECE19A08C66BEBC5802122D13A732E5958FC228DCC0B49B5B4B1154F032D8FA2F3564AA949C1310CC9266B0C47F86D449AC9D2E7678347E7266E2D7C888CCE1ADF44A109A293F8516AE2BD94CE220F26E137DB8E7A66BB9FCE052CDC1D0BE24D8CEBB20D10125F26B069F117044B9E1D16FDDAABCA5340AE1702F37D0E1C08A2E93801C0A41035C6C73DA02A0E32227EAFB0B85E79107B59650D0EE7DC32A6772CCCE90F06369B2880FE87ED76997BA61F5EA818091EE88F8B0D6F24D02A3FC6
+
+ # Attempt to change salt length below minimum
++Availablein = default
+ Verify = RSA-PSS-DEFAULT
+ Ctrl = rsa_pss_saltlen:0
+ Result = PKEY_CTRL_ERROR
+@@ -1011,21 +1033,25 @@ Result = PKEY_CTRL_ERROR
+ # Attempt to change padding mode
+ # Note this used to return PKEY_CTRL_INVALID
+ # but it is limited because setparams only returns 0 or 1.
++Availablein = default
+ Verify = RSA-PSS-DEFAULT
+ Ctrl = rsa_padding_mode:pkcs1
+ Result = PKEY_CTRL_ERROR
+
+ # Attempt to change digest
++Availablein = default
+ Verify = RSA-PSS-DEFAULT
+ Ctrl = digest:sha256
+ Result = PKEY_CTRL_ERROR
+
+ # Invalid key: rejected when we try to init
++Availablein = default
+ Verify = RSA-PSS-BAD
+ Result = KEYOP_INIT_ERROR
+ Reason = invalid salt length
+
+ # Invalid key: rejected when we try to init
++Availablein = default
+ Verify = RSA-PSS-BAD2
+ Result = KEYOP_INIT_ERROR
+ Reason = invalid salt length
+@@ -1081,36 +1107,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh
+ 4fINDOjP+yJJvZohNwIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-1
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=cd8b6538cb8e8de566b68bd067569dbf1ee2718e
+ Output=9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c
+
++Availablein = default
+ Verify=RSA-PSS-1
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=e35befc17a1d160b9ce35fbd8eb16e7ee491d3fd
+ Output=3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843
+
++Availablein = default
+ Verify=RSA-PSS-1
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0652ec67bcee30f9d2699122b91c19abdba89f91
+ Output=666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1
+
++Availablein = default
+ Verify=RSA-PSS-1
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=39c21c4cceda9c1adf839c744e1212a6437575ec
+ Output=4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87
+
++Availablein = default
+ Verify=RSA-PSS-1
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=36dae913b77bd17cae6e7b09453d24544cebb33c
+ Output=1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad
+
++Availablein = default
+ Verify=RSA-PSS-1
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1126,36 +1158,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+ESArV6D5KYZBKTySPs5cCc1fh
+ 0w5GMTmBXG/U/VrFuBcqRSMOy2MYoE8UVdhOWosCAwEAAQ==
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-9
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2715a49b8b0012cd7aee84c116446e6dfe3faec0
+ Output=586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e
+
++Availablein = default
+ Verify=RSA-PSS-9
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=2dac956d53964748ac364d06595827c6b4f143cd
+ Output=80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958
+
++Availablein = default
+ Verify=RSA-PSS-9
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=28d98c46cccafbd3bc04e72f967a54bd3ea12298
+ Output=484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca
+
++Availablein = default
+ Verify=RSA-PSS-9
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0866d2ff5a79f25ef668cd6f31b42dee421e4c0e
+ Output=84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e
+
++Availablein = default
+ Verify=RSA-PSS-9
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=6a5b4be4cd36cc97dfde9995efbf8f097a4a991a
+ Output=82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c
+
++Availablein = default
+ Verify=RSA-PSS-9
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1173,36 +1211,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGu
+ BQIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-10
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=9596bb630cf6a8d4ea4600422b9eba8b13675dd4
+ Output=82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666
+
++Availablein = default
+ Verify=RSA-PSS-10
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=b503319399277fd6c1c8f1033cbf04199ea21716
+ Output=14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3
+
++Availablein = default
+ Verify=RSA-PSS-10
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=50aaede8536b2c307208b275a67ae2df196c7628
+ Output=6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb
+
++Availablein = default
+ Verify=RSA-PSS-10
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=aa0b72b8b371ddd10c8ae474425ccccf8842a294
+ Output=34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb
+
++Availablein = default
+ Verify=RSA-PSS-10
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=fad3902c9750622a2bc672622c48270cc57d3ea8
+ Output=7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc
+
++Availablein = default
+ Verify=RSA-PSS-10
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -1999,11 +2043,13 @@ Securitycheck = 1
+ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
+ Result = KEYOP_INIT_ERROR
+
+-# Verifying with SHA1 is permitted in fips mode for older applications
++# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode
++Availablein = fips
+ DigestVerify = SHA1
+ Key = RSA-2048
+ Input = "Hello "
+ Output = 87ea0e2226ef35e5a2aec9ca1222fcbe39ba723f05b3203564f671dd3601271806ead3240e61d424359ee3b17bd3e32f54b82df83998a8ac4148410710361de0400f9ddf98278618fbc87747a0531972543e6e5f18ab2fdfbfda02952f6ac69690e43864690af271bf43d4be9705b303d4ff994ab3abd4d5851562b73e59be3edc01cec41a4cc13b68206329bad1a46c6608d3609e951faa321d0fdbc765d54e9a7c59248d2f67913c9903e932b769c9c8a45520cabea06e8c0b231dd3bcc7f7ec55b46b0157ccb5fc5011fa57353cd3df32edcbadcb8d168133cbd0acfb64444cb040e1298f621508a38f79e14ae8c2c5c857f90aa9d24ef5fc07d34bf23859
++Result = DIGESTVERIFYINIT_ERROR
+
+ # Verifying with a 1024 bit key is permitted in fips mode for older applications
+ DigestVerify = SHA256
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index f3f9eac1f3..b9b524ea14 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -171,7 +171,7 @@ my @smime_pkcs7_tests = (
+ [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1",
+ "-certfile", $smroot,
+ "-signer", $smrsa1, "-out", "{output}.cms" ],
+- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
++ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
+ \&final_compare
+ ],
+@@ -179,7 +179,7 @@ my @smime_pkcs7_tests = (
+ [ "signed zero-length content S/MIME format, RSA key SHA1",
+ [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1",
+ "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
+- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
++ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
+ "-CAfile", $smroot, "-out", "{output}.txt" ],
+ \&zero_compare
+ ],
+diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
+index 568a1ddba4..6332aaec4b 100755
+--- a/test/recipes/80-test_ssl_old.t
++++ b/test/recipes/80-test_ssl_old.t
+@@ -462,6 +462,9 @@ sub testssl {
+ 'test sslv2/sslv3 with 1024bit DHE via BIO pair');
+ }
+
++ SKIP: {
++ skip "SSLv3 is not supported by the FIPS provider", 4
++ if $provider eq "fips";
+ ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
+ 'test sslv2/sslv3 with server authentication');
+ ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
+@@ -470,6 +473,7 @@ sub testssl {
+ 'test sslv2/sslv3 with both client and server authentication via BIO pair');
+ ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
+ 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');
++ }
+
+ SKIP: {
+ skip "No IPv4 available on this machine", 4
+--
+2.48.1
+
diff --git a/0027-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-fixed-OAE.patch b/0027-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-fixed-OAE.patch
new file mode 100644
index 0000000..937a0df
--- /dev/null
+++ b/0027-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-fixed-OAE.patch
@@ -0,0 +1,387 @@
+From b34154a7cd295f8064d243318211c63b3d7be625 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Wed, 12 Feb 2025 17:12:02 -0500
+Subject: [PATCH 27/49] NEEDS-REWORK:
+ FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ ...EP-in-KATs-support-fixed-OAEP-seed.p.patch | 348 ++++++++++++++++++
+ REBASE.txt | 10 +
+ 2 files changed, 358 insertions(+)
+ create mode 100644 Originally-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch
+ create mode 100644 REBASE.txt
+
+diff --git a/Originally-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch b/Originally-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch
+new file mode 100644
+index 0000000000..793b8a4dac
+--- /dev/null
++++ b/Originally-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch
+@@ -0,0 +1,348 @@
++From a0e92712c141cda0b8321feb492982506b18c612 Mon Sep 17 00:00:00 2001
++From: rpm-build <rpm-build>
++Date: Wed, 6 Mar 2024 19:17:15 +0100
++Subject: [PATCH 28/55]
++ 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
++
++Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
++Patch-id: 73
++Patch-status: |
++ # # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
++From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
++---
++ crypto/rsa/rsa_local.h | 8 ++
++ crypto/rsa/rsa_oaep.c | 34 ++++++--
++ providers/fips/self_test_data.inc | 79 ++++++++++---------
++ providers/fips/self_test_kats.c | 7 ++
++ .../implementations/asymciphers/rsa_enc.c | 41 +++++++++-
++ util/perl/OpenSSL/paramnames.pm | 1 +
++ 6 files changed, 126 insertions(+), 44 deletions(-)
++
++diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
++index ea70da05ad..dde57a1a0e 100644
++--- a/crypto/rsa/rsa_local.h
+++++ b/crypto/rsa/rsa_local.h
++@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to
++ int tlen, const unsigned char *from,
++ int flen);
++
+++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
+++ unsigned char *to, int tlen,
+++ const unsigned char *from, int flen,
+++ const unsigned char *param,
+++ int plen, const EVP_MD *md,
+++ const EVP_MD *mgf1md,
+++ const char *redhat_st_seed);
+++
++ #endif /* OSSL_CRYPTO_RSA_LOCAL_H */
++diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
++index b9030440c4..3d665c3860 100644
++--- a/crypto/rsa/rsa_oaep.c
+++++ b/crypto/rsa/rsa_oaep.c
++@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
++ param, plen, NULL, NULL);
++ }
++
+++#ifdef FIPS_MODULE
+++extern int REDHAT_FIPS_asym_cipher_st;
+++#endif /* FIPS_MODULE */
+++
++ /*
++ * Perform the padding as per NIST 800-56B 7.2.2.3
++ * from (K) is the key material.
++@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
++ * Step numbers are included here but not in the constant time inverse below
++ * to avoid complicating an already difficult enough function.
++ */
++-int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
++- unsigned char *to, int tlen,
++- const unsigned char *from, int flen,
++- const unsigned char *param,
++- int plen, const EVP_MD *md,
++- const EVP_MD *mgf1md)
+++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
+++ unsigned char *to, int tlen,
+++ const unsigned char *from, int flen,
+++ const unsigned char *param,
+++ int plen, const EVP_MD *md,
+++ const EVP_MD *mgf1md,
+++ const char *redhat_st_seed)
++ {
++ int rv = 0;
++ int i, emlen = tlen - 1;
++@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
++ db[emlen - flen - mdlen - 1] = 0x01;
++ memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
++ /* step 3d: generate random byte string */
+++#ifdef FIPS_MODULE
+++ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) {
+++ memcpy(seed, redhat_st_seed, mdlen);
+++ } else
+++#endif
++ if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
++ goto err;
++
++@@ -136,6 +146,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
++ return rv;
++ }
++
+++int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
+++ unsigned char *to, int tlen,
+++ const unsigned char *from, int flen,
+++ const unsigned char *param,
+++ int plen, const EVP_MD *md,
+++ const EVP_MD *mgf1md)
+++{
+++ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from,
+++ flen, param, plen, md,
+++ mgf1md, NULL);
+++}
+++
++ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
++ const unsigned char *from, int flen,
++ const unsigned char *param, int plen,
++diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
++index 4b80bb70b9..c33ecd0791 100644
++--- a/providers/fips/self_test_data.inc
+++++ b/providers/fips/self_test_data.inc
++@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
++ };
++
++ /*-
++- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
+++ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
++ * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
++ * HP/UX PA-RISC compilers.
++ */
++-static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
+++static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
+++static const char oaep_fixed_seed[] = {
+++ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
+++ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
+++ 0x2e, 0x4b, 0x2c, 0xe6
+++};
++
++ static const ST_KAT_PARAM rsa_enc_params[] = {
++- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
+++ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
+++ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED,
+++ oaep_fixed_seed),
++ ST_KAT_PARAM_END()
++ };
++
++@@ -1342,43 +1349,43 @@ static const unsigned char rsa_expected_sig[256] = {
++ 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
++ };
++
++-static const unsigned char rsa_asym_plaintext_encrypt[256] = {
+++static const unsigned char rsa_asym_plaintext_encrypt[208] = {
++ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
++ 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
++ };
++ static const unsigned char rsa_asym_expected_encrypt[256] = {
++- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
++- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
++- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
++- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
++- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
++- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
++- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
++- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
++- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
++- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
++- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
++- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
++- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
++- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
++- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
++- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
++- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
++- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
++- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
++- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
++- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
++- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
++- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
++- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
++- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
++- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
++- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
++- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
++- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
++- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
++- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
++- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
+++ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74,
+++ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c,
+++ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e,
+++ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b,
+++ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25,
+++ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89,
+++ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1,
+++ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50,
+++ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17,
+++ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2,
+++ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb,
+++ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d,
+++ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e,
+++ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f,
+++ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3,
+++ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06,
+++ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25,
+++ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78,
+++ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04,
+++ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c,
+++ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47,
+++ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce,
+++ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0,
+++ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6,
+++ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99,
+++ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30,
+++ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20,
+++ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb,
+++ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27,
+++ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66,
+++ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a,
+++ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06
++ };
++
++ #ifndef OPENSSL_NO_EC
++diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
++index f13c41abd6..4ea10670c0 100644
++--- a/providers/fips/self_test_kats.c
+++++ b/providers/fips/self_test_kats.c
++@@ -642,14 +642,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
++ return ret;
++ }
++
+++int REDHAT_FIPS_asym_cipher_st = 0;
+++
++ static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
++ {
++ int i, ret = 1;
++
+++ REDHAT_FIPS_asym_cipher_st = 1;
+++
++ for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
++ if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
++ ret = 0;
++ }
+++
+++ REDHAT_FIPS_asym_cipher_st = 0;
+++
++ return ret;
++ }
++
++diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
++index d548560f1f..f3443b0c66 100644
++--- a/providers/implementations/asymciphers/rsa_enc.c
+++++ b/providers/implementations/asymciphers/rsa_enc.c
++@@ -30,6 +30,9 @@
++ #include "prov/implementations.h"
++ #include "prov/providercommon.h"
++ #include "prov/securitycheck.h"
+++#ifdef FIPS_MODULE
+++# include "crypto/rsa/rsa_local.h"
+++#endif
++
++ #include <stdlib.h>
++
++@@ -75,6 +78,9 @@ typedef struct {
++ /* TLS padding */
++ unsigned int client_version;
++ unsigned int alt_version;
+++#ifdef FIPS_MODULE
+++ char *redhat_st_oaep_seed;
+++#endif /* FIPS_MODULE */
++ /* PKCS#1 v1.5 decryption mode */
++ unsigned int implicit_rejection;
++ } PROV_RSA_CTX;
++@@ -193,12 +199,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
++ }
++ }
++ ret =
++- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
+++#ifdef FIPS_MODULE
+++ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(
+++#else
+++ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(
+++#endif
+++ prsactx->libctx, tbuf,
++ rsasize, in, inlen,
++ prsactx->oaep_label,
++ prsactx->oaep_labellen,
++ prsactx->oaep_md,
++- prsactx->mgf1_md);
+++ prsactx->mgf1_md
+++#ifdef FIPS_MODULE
+++ , prsactx->redhat_st_oaep_seed
+++#endif
+++ );
++
++ if (!ret) {
++ OPENSSL_free(tbuf);
++@@ -332,6 +347,9 @@ static void rsa_freectx(void *vprsactx)
++ EVP_MD_free(prsactx->oaep_md);
++ EVP_MD_free(prsactx->mgf1_md);
++ OPENSSL_free(prsactx->oaep_label);
+++#ifdef FIPS_MODULE
+++ OPENSSL_free(prsactx->redhat_st_oaep_seed);
+++#endif /* FIPS_MODULE */
++
++ OPENSSL_free(prsactx);
++ }
++@@ -455,6 +473,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
++ NULL, 0),
++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
+++#ifdef FIPS_MODULE
+++ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
+++#endif /* FIPS_MODULE */
++ OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
++ OSSL_PARAM_END
++ };
++@@ -465,6 +486,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
++ return known_gettable_ctx_params;
++ }
++
+++#ifdef FIPS_MODULE
+++extern int REDHAT_FIPS_asym_cipher_st;
+++#endif /* FIPS_MODULE */
+++
++ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
++ {
++ PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
++@@ -576,6 +601,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
++ prsactx->oaep_labellen = tmp_labellen;
++ }
++
+++#ifdef FIPS_MODULE
+++ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED);
+++ if (p != NULL && REDHAT_FIPS_asym_cipher_st) {
+++ void *tmp_oaep_seed = NULL;
+++
+++ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL))
+++ return 0;
+++ OPENSSL_free(prsactx->redhat_st_oaep_seed);
+++ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed;
+++ }
+++#endif /* FIPS_MODULE */
+++
++ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
++ if (p != NULL) {
++ unsigned int client_version;
++diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
++index c37ed7815f..70f7c50fe4 100644
++--- a/util/perl/OpenSSL/paramnames.pm
+++++ b/util/perl/OpenSSL/paramnames.pm
++@@ -401,6 +401,7 @@ my %params = (
++ 'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version",
++ 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version",
++ 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection",
+++ 'ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED' => "redhat-kat-oaep-seed",
++
++ # Encoder / decoder parameters
++
++--
++2.48.1
++
+diff --git a/REBASE.txt b/REBASE.txt
+new file mode 100644
+index 0000000000..2833a383c1
+--- /dev/null
++++ b/REBASE.txt
+@@ -0,0 +1,10 @@
++0028-0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.p.patch
++
++Some asym testing has been dropped upstream, unclear if this needs to survive,
++if so we may need to resurrect deleted code in upstream patch:
++
++ commit 635bf4946a7e948f26a348ddc3b5a8d282354f64
++
++ fips: remove redundant RSA encrypt/decrypt KAT
++--
++
+--
+2.48.1
+
diff --git a/0028-FIPS-FIPS-140-3-DRBG-NEEDS-REVIEW.patch b/0028-FIPS-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
new file mode 100644
index 0000000..1539d51
--- /dev/null
+++ b/0028-FIPS-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
@@ -0,0 +1,172 @@
+From 353b7808b6d0c4699006df79e58fd5d10a9d2f62 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:16 +0100
+Subject: [PATCH 28/49] FIPS: FIPS-140-3 DRBG - NEEDS REVIEW
+
+providers/implementations/rands/crngt.c is gone
+
+Patch-name: 0076-FIPS-140-3-DRBG.patch
+Patch-id: 76
+Patch-status: |
+ # # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
+ # # https://bugzilla.redhat.com/show_bug.cgi?id=2102541
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ crypto/rand/prov_seed.c | 9 ++-
+ providers/implementations/rands/drbg.c | 11 ++-
+ providers/implementations/rands/drbg_local.h | 2 +-
+ .../implementations/rands/seeding/rand_unix.c | 68 ++-----------------
+ 4 files changed, 23 insertions(+), 67 deletions(-)
+
+diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
+index 2985c7f2d8..3202a28226 100644
+--- a/crypto/rand/prov_seed.c
++++ b/crypto/rand/prov_seed.c
+@@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused OSSL_LIB_CTX *ctx,
+ size_t entropy_available;
+ RAND_POOL *pool;
+
+- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
++ /*
++ * OpenSSL still implements an internal entropy pool of
++ * some size that is hashed to get seed data.
++ * Note that this is a conditioning step for which SP800-90C requires
++ * 64 additional bits from the entropy source to claim the requested
++ * amount of entropy.
++ */
++ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
+ if (pool == NULL) {
+ ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB);
+ return 0;
+diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
+index 4925a3b400..1cdb67b22c 100644
+--- a/providers/implementations/rands/drbg.c
++++ b/providers/implementations/rands/drbg.c
+@@ -559,6 +559,9 @@ static int ossl_prov_drbg_reseed_unlocked(PROV_DRBG *drbg,
+ #endif
+ }
+
++#ifdef FIPS_MODULE
++ prediction_resistance = 1;
++#endif
+ /* Reseed using our sources in addition */
+ entropylen = get_entropy(drbg, &entropy, drbg->strength,
+ drbg->min_entropylen, drbg->max_entropylen,
+@@ -680,8 +683,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
+ reseed_required = 1;
+ }
+ if (drbg->parent != NULL
+- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
++ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) {
++#ifdef FIPS_MODULE
++ /* Red Hat patches provide chain reseeding when necessary so just sync counters*/
++ drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
++#else
+ reseed_required = 1;
++#endif
++ }
+
+ if (reseed_required || prediction_resistance) {
+ if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL,
+diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h
+index e591e0b3d1..c7cafba1ea 100644
+--- a/providers/implementations/rands/drbg_local.h
++++ b/providers/implementations/rands/drbg_local.h
+@@ -39,7 +39,7 @@
+ *
+ * The value is in bytes.
+ */
+-#define CRNGT_BUFSIZ 16
++#define CRNGT_BUFSIZ 32
+
+ /*
+ * Maximum input size for the DRBG (entropy, nonce, personalization string)
+diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
+index c3a5d8b3bf..b7b34a9345 100644
+--- a/providers/implementations/rands/seeding/rand_unix.c
++++ b/providers/implementations/rands/seeding/rand_unix.c
+@@ -53,6 +53,8 @@
+ # include <fcntl.h>
+ # include <unistd.h>
+ # include <sys/time.h>
++# include <sys/random.h>
++# include <openssl/evp.h>
+
+ static uint64_t get_time_stamp(void);
+
+@@ -339,70 +341,8 @@ static ssize_t syscall_random(void *buf, size_t buflen)
+ * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
+ * between size_t and ssize_t is safe even without a range check.
+ */
+-
+- /*
+- * Do runtime detection to find getentropy().
+- *
+- * Known OSs that should support this:
+- * - Darwin since 16 (OSX 10.12, IOS 10.0).
+- * - Solaris since 11.3
+- * - OpenBSD since 5.6
+- * - Linux since 3.17 with glibc 2.25
+- *
+- * Note: Sometimes getentropy() can be provided but not implemented
+- * internally. So we need to check errno for ENOSYS
+- */
+-# if !defined(__DragonFly__) && !defined(__NetBSD__) && !defined(__FreeBSD__)
+-# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
+- extern int getentropy(void *buffer, size_t length) __attribute__((weak));
+-
+- if (getentropy != NULL) {
+- if (getentropy(buf, buflen) == 0)
+- return (ssize_t)buflen;
+- if (errno != ENOSYS)
+- return -1;
+- }
+-# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
+-
+- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
+- return (ssize_t)buflen;
+-
+- return -1;
+-# else
+- union {
+- void *p;
+- int (*f)(void *buffer, size_t length);
+- } p_getentropy;
+-
+- /*
+- * We could cache the result of the lookup, but we normally don't
+- * call this function often.
+- */
+- ERR_set_mark();
+- p_getentropy.p = DSO_global_lookup("getentropy");
+- ERR_pop_to_mark();
+- if (p_getentropy.p != NULL)
+- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
+-# endif
+-# endif /* !__DragonFly__ && !__NetBSD__ && !__FreeBSD__ */
+-
+- /* Linux supports this since version 3.17 */
+-# if defined(__linux) && defined(__NR_getrandom)
+- return syscall(__NR_getrandom, buf, buflen, 0);
+-# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \
+- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000) \
+- || (defined(__FreeBSD__) && __FreeBSD_version >= 1200061)
+- return getrandom(buf, buflen, 0);
+-# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
+- return sysctl_random(buf, buflen);
+-# elif defined(__wasi__)
+- if (getentropy(buf, buflen) == 0)
+- return (ssize_t)buflen;
+- return -1;
+-# else
+- errno = ENOSYS;
+- return -1;
+-# endif
++ /* Red Hat uses downstream patch to always seed from getrandom() */
++ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, buflen, GRND_RANDOM) : getrandom(buf, buflen, 0);
+ }
+ # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
+
+--
+2.48.1
+
diff --git a/0029-FIPS-rand-Forbid-truncated-hashes-SHA-3.patch b/0029-FIPS-rand-Forbid-truncated-hashes-SHA-3.patch
new file mode 100644
index 0000000..c5169bb
--- /dev/null
+++ b/0029-FIPS-rand-Forbid-truncated-hashes-SHA-3.patch
@@ -0,0 +1,1116 @@
+From cf7bbcebf5e62370c7ba8f72b049831e9f8bef75 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:16 +0100
+Subject: [PATCH 29/49] FIPS: rand: Forbid truncated hashes & SHA-3
+
+Section D.R "Hash Functions Acceptable for Use in the SP 800-90A DRBGs"
+of the Implementation Guidance for FIPS 140-3 [1] notes that there is no
+efficiency improvement when using truncated hash functions (i.e. SHA-224
+rather than SHA-256 or SHA-384, SHA-512/224, or SHA512/256 rather than
+SHA-512). Starting on 2023-05-16, all submissions to NIST's
+Cryptographic Module Validation Program shall only use SHA-1, SHA-256,
+or SHA-512.
+
+NIST further notes that the same will apply for the truncated versions
+of SHA-3, i.e. SHA3-224 and SHA3-384, and that SHA-3 should currently
+not be used.
+
+Adjust tests to only run Hash-DRBG and HMAC-DRBG tests with truncated
+algorithms in the default provider.
+
+[1]: https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf
+
+Signed-off-by: Clemens Lang <cllang@redhat.com>
+
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ providers/implementations/rands/drbg_hash.c | 12 ++
+ providers/implementations/rands/drbg_hmac.c | 12 ++
+ test/recipes/30-test_evp_data/evprand.txt | 129 ++++++++++++++++++++
+ 3 files changed, 153 insertions(+)
+
+diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c
+index 8bb831ae35..cedf5c3894 100644
+--- a/providers/implementations/rands/drbg_hash.c
++++ b/providers/implementations/rands/drbg_hash.c
+@@ -579,6 +579,18 @@ static int drbg_hash_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[]
+ if (!ossl_drbg_verify_digest(ctx, libctx, md))
+ return 0; /* Error already raised for us */
+
++#ifdef FIPS_MODULE
++ if (!EVP_MD_is_a(md, SN_sha1)
++ && !EVP_MD_is_a(md, SN_sha256)
++ && !EVP_MD_is_a(md, SN_sha512)) {
++ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
++ "%s is not an acceptable hash function for an SP 800-90A"
++ " DRBG according to FIPS 140-3 IG, section D.R",
++ EVP_MD_get0_name(md));
++ return 0;
++ }
++#endif /* defined(FIPS_MODULE) */
++
+ /* These are taken from SP 800-90 10.1 Table 2 */
+ md_size = EVP_MD_get_size(md);
+ if (md_size <= 0)
+diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c
+index 43b3f8766e..64b7610cd1 100644
+--- a/providers/implementations/rands/drbg_hmac.c
++++ b/providers/implementations/rands/drbg_hmac.c
+@@ -505,6 +505,18 @@ static int drbg_hmac_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[]
+ if (md != NULL && !ossl_drbg_verify_digest(ctx, libctx, md))
+ return 0; /* Error already raised for us */
+
++#ifdef FIPS_MODULE
++ if (!EVP_MD_is_a(md, SN_sha1)
++ && !EVP_MD_is_a(md, SN_sha256)
++ && !EVP_MD_is_a(md, SN_sha512)) {
++ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
++ "%s is not an acceptable hash function for an SP 800-90A"
++ " DRBG according to FIPS 140-3 IG, section D.R",
++ EVP_MD_get0_name(md));
++ return 0;
++ }
++#endif /* defined(FIPS_MODULE) */
++
+ if (md != NULL && hmac->ctx != NULL) {
+ /* These are taken from SP 800-90 10.1 Table 2 */
+ md_size = EVP_MD_get_size(md);
+diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt
+index 9756859c0e..e3bc794997 100644
+--- a/test/recipes/30-test_evp_data/evprand.txt
++++ b/test/recipes/30-test_evp_data/evprand.txt
+@@ -7388,6 +7388,7 @@ Nonce.14 = 7239f92b63fb3dbe
+ PersonalisationString.14 = 8d2e2ca3985bd2538a71f02cc3eb5568
+ Output.14 = 0e4cb328c03faaedbec7215725851069bceae4332de6a70e3521dd065f2f7923485969571ebd7f24be460fd901c6b3e356da6ee5262ef2d76ad14eb0f697f8fb92af2f46630198c5f7018860886147b3
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -8659,6 +8660,7 @@ AdditionalInputA.14 = e5c633ca50dcd83e0a34d397df53f6d7a6f7170a3f81f0e6
+ AdditionalInputB.14 = 5f0beb5a2d2968e83ba87c92bfa420fd6e8526fbbfdea128
+ Output.14 = 8bec11df1022aa50d95daeaf23d78d6ee45c43c5768b90181e106c7df8ff333d7cb87ca1ab83f8742370db1c8c0c0c22f141ff4de33ae8bdb14fee7e6c069819320629c66d94c7c97ff52930a3c1dcd501b60f0f84bda4720ee187ae858a6e068326eda5809716e366d1b608c61b0100
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -8709,6 +8711,7 @@ Entropy.14 = 1194beb668839c47c73e7516f9ba09d23dec3553b3b5532f75b260106dcc2abf
+ Nonce.14 = 3c8a77351e93065d584feeb08c8424a9
+ Output.14 = fabd48bfcdd07968239fe538c2d8c9bde2e257b9b244078f39287c7ee90de167fff56a693c4e64f45081635511b5fd031c0270a31b4a014e44c0516a55ae72345aa11dffcda4ccf8cda50f6948d5ae425d8d53ad5c74cef1364277990156796e1c5dfa1ef095c0d8983477eb24241135760b02c86c86d4ec3627edac8c1a7e32
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -8789,6 +8792,7 @@ AdditionalInputA.14 = 626385595bef7103af0af700e1df048d7572286af709289b7894d2ab09
+ AdditionalInputB.14 = bfe8946dbf27d3a2127ec600351c3920d2531eb9419408233e0a888059b5eb68
+ Output.14 = ee6d07661828213e6453d94faaf76345c70949eca4965714c350313b0bcd8e079e6a07f8b2f7a91bcb7ef39a61568fd1c40ab78f154b3582f830095d571de29f81f9565e46b560d34c32bff55341a991f8e863bd9242c7cdd366be12538bb6922f1abfa19e7998aac61d465fc46538ee9142acc66786f4516ef4105fe1d80372
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -8854,6 +8858,7 @@ Nonce.14 = de2186bafa82b0d08a0b8215e3424512
+ PersonalisationString.14 = d96db27febe22db935b117dc3068374e39c5b2119b497e3c1d858ef649e01de5
+ Output.14 = d04435a8aab397cfcee5151f7aa24298ffc6eee4f577cda42d5e154b8d28cb2f0f945f11a15ed5b76486c88f03081cfd262d94a8e0b332e3c9c608461dcc8eba20d7db209810d25c226fda9fe218022a9b2c96876cb16c06c0553dd84ce57e20338c3d3e03c59ce22e668e25c2c50d5cc9afab91f50a28680964c2dacb9d2fb3
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -8949,6 +8954,7 @@ AdditionalInputA.14 = 5d9446eff72d59529a90b498d8f40983b3b2904f63664fc0aa1de8700d
+ AdditionalInputB.14 = e19707aafa391e8622539d52a05d930292bd0f7c17825dbed5fb7a2f8734081b
+ Output.14 = 6ce2ae37349cbef9ebd1f9b85485810a22d430d94abf66912dd7b6cc751400e777be2f1cebc19d65694a456b2c6429cefd95eb934030846708d50be3b274c2f7de299f3c311038491f271448c7d02ff51de048fa1184e8ee06b7b46a9f123daecbebae4a2183dc8eb6976abf0dae7cdbea6017cd1500f37dfadcce0c1956ea87
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -8999,6 +9005,7 @@ Entropy.14 = a7a1dbf7f828555610197e71e0ad563b8691589c5289ced03e9ef83b6f9ff938
+ Nonce.14 = 4274788c5d80e26ec1ac3a57b9c7c0df
+ Output.14 = 5a907a26c1ef588219d4c69fcf4c5c283ab148a77588a40b323bd24e6dfb29551c4b6116c4d61349f5f8bd9ed497f38b239c37283902beb3c9700c768fa289ee4573f92316efb860a5ca4267b328f03c13138b774b4b9f7516003a699f7a0854a0efb045a5932753a771c2cc6119202b33336f10edb715bcce1d20ff503dda01
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -9079,6 +9086,7 @@ AdditionalInputA.14 = de1bbca12357943b4489cc7209b3f063b51b91acc168ec5e0ad88048b6
+ AdditionalInputB.14 = 6ddd9aba4f100ef902ba50adee53ef44a4f45564c13e774e69557e36a357e7cf
+ Output.14 = 544ec80a966644454886fb97a0f05eb6a4a25fcbce795b5e5b27ee06ba14b7de18dbf54f80a670b87c76c336ac9af16c8958ad6c1bde9a97aa4c1ab5823d24a53c64f6766ce6eb9b7085cf7282499c37fc1e2e825f53bc357bf36d5901e0ae93cd3bd821fa18b5aa17548560f7ad6ef38124814fccf9b2b89de61cfc27c7269b
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -9144,6 +9152,7 @@ Nonce.14 = ab7843b73ecb4858f2cc5e9dfca803ef
+ PersonalisationString.14 = dee559515084d8ac49c3803f09f3d5fed3b307946a2752c267677f22786a0125
+ Output.14 = a12f5e8ea3bb174934c15e5d114ba615da33210c98c38d7fde4b5aef9aecdeaef311d929d7fece7fee11db67134c3326b413b8dc17766ba4fb881105db68688b148fd95d812f6538b14f25afaae84d39025336136d270bd643f2a6c7164930372fb1c8f4f0dab60283e9d8d3440ce8dc66761c5d5c4c13cc3a367feb4869b559
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -9239,6 +9248,7 @@ AdditionalInputA.14 = ead8c0dcf4ddc909aab96eadab509a46908ee5f090983af609f08d8a8b
+ AdditionalInputB.14 = f357bda8f2048929a4e31969ec978cc333d58b4fc09a8aa1b73ec9bdfaa1a8f6
+ Output.14 = 901aabb3f065be08e2f8072d5d3ffcb28ab291420644e407e7a6a3346b75a5be535bdbdd5a8245998689450292df877233ef0783e0bd1765413193790995d884ffcb2c8dc35fe4cfc12def2f091866d735b1dcfc9d8d8c26903d50e9397b1bbd674bb81fc908361b2bddb68f02031d87588cc3e94210422674e93fea6a5329af
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -9289,6 +9299,7 @@ Entropy.14 = dfa94c198483c5daa046f1dd1e4e83f854fd6c5cbc3465f671bdfd36837779ab
+ Nonce.14 = 298de64bbd817d009a71c1424ae839f9
+ Output.14 = bfb9a54ce31406a82608aebc826441f8f633813a0c3bad723b802f3e905a6ee3512ff3513062aea51f93be17aebf1cfcd81868e85db3db9aa98680f974001fda8fe6a644f5efbb9d6e52e99ff606ef1ed7cd3b17fa6c6844790ed58da6df61aba0c200d7dff943588f4520891798098bddc65797b2f99c05efa090c60dc48a4e
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -9369,6 +9380,7 @@ AdditionalInputA.14 = 066b072d48f6cc6bb00273e0bc0ebc086235fe79af1fbdb46318f56c62
+ AdditionalInputB.14 = cfb58f59c6d56993b9f0b5ba1643554072cf4ae8013c236120044ae909083f5f
+ Output.14 = d5dd7f55ffa7d53fc0f679cddadeb869f39b29a6d394c9f1185b11ebefbcb43419c6a26ae3c9ab9d456e2cdba1aead05e67eabd3596526ee431ba7cab7f94838062fcec2363cf0e19849ffef30064263b3a059ce38aa02c2729bff5af9450e035161816724163906112205196c642bfd70f36abb4639fd6e4f7f6a879ebbcc62
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -9434,6 +9446,7 @@ Nonce.14 = ea7d3c3b8f6da0667d7f0d543c68d7d1
+ PersonalisationString.14 = 86c20a7e794c887898d5bc00e98398276a4e3ad8d674fb808a63a44330490d2b
+ Output.14 = ee8e21ff48af611a17d33e130f4e4224330efcc1402b6d55aaf1f514553b880f18df68c0e4279854eb2e9b904c552f69f0e1badc347ebe336b70456f221e07a2fc78df72551d99df3755997029ee1461e2b6e396370096d7e8c2dfceb73214a72ae2b25ccc60b92dd71988eda811ceac4b7c335528249aaf82826a14c142007c
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -9529,6 +9542,7 @@ AdditionalInputA.14 = ea12ddcafa4f578b8b43337508dd8627844d185b10af7de7e907d113c6
+ AdditionalInputB.14 = 0cc670275cd2b0eac5df123eb1fd73c2f2b093b76806943918cf49930fa97515
+ Output.14 = 88dc727007c0e03c8d27d00c87876f8990b271964a5275f636ecd7f18cac9c869e5f9df5fb2d34e7f89c2e9819af562a706a03d9be9318896f5ab16573aebbfd94a681cbf27e7202b8674437667893246c267785d0deca5033de88a61bf5158177391c2e3232ea6f812c468d5629ed9f89ad0bec0f6c7a469f56331f9eba1cd2
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -9579,6 +9593,7 @@ Entropy.14 = 6b9f904ac4b16d36e06a1bddc501d7ef98d5685c1ceadd0a6e1622e0c1e73716
+ Nonce.14 = 4a42f39e5a241a2b96db29055159c91f
+ Output.14 = 785014b0460831b7b67346c6997217b0f6c8e7313687ea6ff4d0b09a0786bd6ac362a0b1ddc6ab8c9c624625a379cbec7f11cf30ddab23cdec054b986175cdae0ca4ba4610e0711bc94e9ab706539d5fa2c1a4fd3cd49042696b58dce465f8e09a200e7d214cda357021c62248a01aeb95f8ffa8bd49d354fdccf4c71eec3491
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -9659,6 +9674,7 @@ AdditionalInputA.14 = 147d51711ae8a420f165db0000d9d0cb9e9cd5447311eed43d7cc9217d
+ AdditionalInputB.14 = 2910968bb1976a1b8ced116e673f408da6fc563695c918ac0a230b0bb800c707
+ Output.14 = 357a7269b30ca744e213d894f5c45d0db9fba897e0c863a56062f5018ad9be9f37b8d550014ed68f2c34bf5195c0b7460df171ff3bd4a590578670c92470d876c8de19d48a6d7fa15fc7996be78d3cc8a5c657439f4bb9865bd56e187d5df2531a405e3e0f4b87c611aa8e226b8b0266290f06f8062456a7a4bf0896e4ddd948
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -10995,6 +11011,7 @@ AdditionalInputA.14 = 23e4e6b0e0c1b28a6f9731f8b09960ce7adac17527b3bbaca7c811daea
+ AdditionalInputB.14 = dc7fac6aeded9e17b5bb5e2bcad9424d42dc07e809da59d52caecba6e75ca457
+ Output.14 = 5a42b35cf1b72d2520d92719a94ef1a7ca5b6d6c7eef2de25c8ea44c1fc3a9a5ff2128f47bbe58084a0c7a3fc790626eff5666b4c1e68fb2f53de3370b29c398d5067b255f5f7f29fdb0f8bc256ee3afbe78a33981626837c55f981e56eb2e1bdd89ca081e48f6da7ce6576fbd37dbd57a3f41cf410cb375614af239f2e10218e777fb97a55d9cc73243882b8d8d2a2c812fbdeaaed90b5bd71a274b4b171cd7e661912c9b3de1714a3fe4931d8fc7cb1c9f64f4e37d4e5dbc31602d2f8699e0
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11045,6 +11062,7 @@ Entropy.14 = 471746177fa3ebbc1f1e06fa42d61d5d491abc82eb7d66e749b87d562a7eff34
+ Nonce.14 = 42f8a1ee9b09940e9e1dc64f51a78b4b
+ Output.14 = 238c9889284139945e657d2c4312ee3ca2013de69be10bdc8b90d54867889f2c15c6cc933913457d4f5a00bd52b0216d90c56bcb341dde7496218861b083f80d8c933627e19b7bd8b73d6dda1bb0b2b0f1f90e2b453cd063938cec3a08f34e5581c1322329d87709e552a97e8a8c8e8e598a5c5cd6623ad1eb9f7ddd12739b1d157b1020cb8cef19402938d31b74e490c0ce75a9f57a17476df1cffa55de73bb8151071edf396c3b9e4607b07c7e2b45c249f5a8194cca1e97af78be47cec0ab0096cf588f3d4432393a8f5423a165d585e2e5f98fe47510d9415418aba28aab1193261036214c35d8ba04650b4539be6b9f7377e3c75ed236d0e69cce004906
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11125,6 +11143,7 @@ AdditionalInputA.14 = 4b69404b80b6f2fec36a7dff1b194a228761694129efa6c6b9a044f553
+ AdditionalInputB.14 = 519c4cf1b30500f729e5426d76373c291e26cafceb594c10c96bdb9aef4b42fa
+ Output.14 = 53568141a5c09b6b02ac4ab674d341aa6300f8be93c0f36a7376a6850abfce068927510a1b98301aaa29252cfadfe5a2f241abc677e9e70fbca287c579acd276c2eec5c8b508f2b119a40164c6a12c0e0ca1d3d53595bbebe32fda2eef2b613329a614a28d3b374a7b031b49dba74b465a7db60a8dbdcc9e952ea143e9d5a3a651c1b0d6dad79341a7c3fd5816933f2579cc005f3c5655eb8d3f9d1e4562a756ecca3fc1d688c9824391ec8444c6024774a295c44c17fe592694dcf41f305f50a16e07fc28e247bb3d9dd0c52c6fde79df84c8d521606cec9a55f909691f5cfd797b69304dff5b60ac816b0d5046a47c2434127da1fbaa86d2844f5164a9dbdd
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11190,6 +11209,7 @@ Nonce.14 = 8680d7b3f0a8ae576bb0f75364b463ea
+ PersonalisationString.14 = c0bf8f2ca4efb48b8dca73ca7148da3cd5981c5a459be32db5a14fc7762c68d6
+ Output.14 = 269b3b656e58f9aeed32c80700d9d1b863b0253b3b33155cc0849efbedfa51cff82262c9342cff7f1a7a58a5954fe66547baa1831fee55ae0d322674c6c784095f43b30c1887fb9fa5e7e7f1905da2808ab810ecd224ab403b6f562bac54e65cf7f0473991ce7d7cbc1a669a022fde3141a9880d974b7ede2fad24a3263570443cab0e8017d242fb4c2032dc8be56d8fc1e0e8f92254c7480e4941259ecc29ea47a1d11e074148b259ff95a94711d767f0655f1e0574dfdc4ae4f27b12015af86aefd36f6c10056c3d83e639e3641cdd8ba178f7779dcf502bab3d7588cffb72f6489981aaa7139c255df0e76bf6bba32e4f547327da4597745b15042869b2c2
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11285,6 +11305,7 @@ AdditionalInputA.14 = 64278bb6b8224b93c0b5339726fb752f6d81e85b204d76376d99779ff1
+ AdditionalInputB.14 = 4995815c060c80e9bead55dfe823b869862bd0e5b4357afe810a53c68d4b0e7b
+ Output.14 = 9b4249e1e692153ecd20e968f86eb31bf9a22d3671d0ce9d3eea243bfc70890644a95d551cb9956cc3770e95c2f14ff154760cba1b24c51c41f7a961a4502aa053068751618eaaf743e0d37fd41ab4969444519c22c8fd96f9eb1be6ff3ae01a25abba84a259dad8bbc78f47dcab3ac2242e6974a56454999b4c59243102b731fc4bb4e01c92d36f232ca8cfe00fcbc0ac200c2e403d17d5d1dd3d6c2095ddd15ad58a070f18b69a5f5d3f240435d298bd48bd9be028ccaeb10997f88857a848882f51a193522bb0b979b37b5508775fe150cab8ce97c0760b7418b5bbe496562fe639540e77c1025c0e191fe000aa5d1e49bf02a5a3c6f46b40dd2c47786d45
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11335,6 +11356,7 @@ Entropy.14 = 337373a24fe76f025575b3dbd7eeedd03d3459d6ef44cd53335a9c4963cc45de
+ Nonce.14 = ebbea7e8e1a3a45c58044b65ab7688b9
+ Output.14 = 21ae4510a133fa0906c873eb73e00d777b68a45a1de8759b1497f5146f0c45cf612b02e972ec93ebccbb85c9adaf0f5942fcfbb3b808482f05497f2f4734dd6d42c8413e1bd1bad10463dd4b4cf29f1662c15efc6d24955b1e54a60508d9ed008c9d29f8a6bddfe564c21473271350137452f4601179af37e19d553ec738539cfd7a8df17f07e1f9db5df776256e3c00199997307de394a8ba41be2829defbd8105fcb3cda215219fecb607eb1e7137a29eef188ca7eb349d2d1fe27edc2526ccc6d8f1af7eec9c06910f3909907f966d5904b32577f2715cc32ac08f1b5e25a734716ffddf60c57d422b515ce817b605ead2f875db7a789e351b660704f0cbc
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11415,6 +11437,7 @@ AdditionalInputA.14 = 771e91743429c40a2e3ececc9a3d73a92336c9c988c5d9dde47563b631
+ AdditionalInputB.14 = ae1a58611aa54df3c655a1f20985552ed9e3610e92170a0de1a4573a5a1f93d7
+ Output.14 = b2534bf690444513bdfecb35bd616b0de47b7cca7f8ab9c5e823b468da62855601b59c6bb75cf34fe3dbc7f795536b9619d243c0f6960895d6710130fbfda2a0bff803e856f1cf21a63e86e59be0d6da7516b697e9ff95c341913ff27c8abe10e6af1b7ad8dec9f7aab46b8d35c103f9bff3016b39ec24026a7b582f6e95261031f734e29a1b64c65639cf238381e5f7e31da624ad24290930501132c860118b6c59052aaa7cf982486219431311453a431a1cf50deaf068e2f9993c0ab851c9aec72be8f7c5c57ed03c488befe6ffc256efe6db52b7734c042b69a5ed74e2593c4788c5fa8a03a5017b927bb8f1c8262925d734c5604639a9b441187b0d95e3
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11480,6 +11503,7 @@ Nonce.14 = 78e7f6e9e8e1511bc0ba7f230b65fe47
+ PersonalisationString.14 = 37544eb1992fc569ff259946d639a00230ec1196c5565b8f9da62d9ce552e09a
+ Output.14 = 0ddbb84e21d4d7110b933bbeaddb35ad81dc1f331ac8293695b30924f2713eca6f93a13d520da4486f32a12412a927d00e3f27009a944056a5805b0e050f5bf6c6bd32c523c1d607d6e3e97b59fd059a610d664396f69961599ce7f0a0cbd1dcff15474ac267e36c0b871c559fd13b7ff0c3fcc11ff8dac26761a42697c3744981cc5c5ac10cd0f3b285c4ceb4a550ecead095f90fb6f53aa302218ede7ed5ae5deac91a83f957d15ee901746d11777b23c327ee811966690f5f253c7c314a2bf2bea73ca46c6c8cc332c3493f9d023029d762fc90e5dddbb838f2225c521f196332812570a17455b3db45306aa9100ca83185395435137a0b961531cbcafc03
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11575,6 +11599,7 @@ AdditionalInputA.14 = 8dab17e96142c890eb16981b97364223e815130bdb0c0c284e50dd3349
+ AdditionalInputB.14 = 1439e2d19a99703fc35607b5bde55331eca67b2b9a9f7587ddba0dd1fe690ab2
+ Output.14 = aa088ba4682bd2285e90c7967a7b8a518e0ec45afd490d367022893e3822c09d967d06ff28748b5de3fb33b071b73c581bd893b6641a72cd5db35540b904eae19765cc121ca4dc9404530114c3369fa80d20dd63c8c09559c4be48aa26ca77b47579dc52fdf0eb2f2db84ab688b87f63097140aef65410fcd7a81c2bddb2c92f9d67b2e46647aadd9b85c9e17ff8b579cd672708282981ba54d854e7c9a1de66621845ae2d337a90025ccbdd1b0d695790b1f977b1e944bbc04d16a9a399628bfb33f98b40e13567514d8ce0b23340803718ea3da44fa84c923f2a85ba21495c2f9541cbe8cadc0b230b1b942e934eb4fe95c3754a77a09641ad730a550fc24e
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11625,6 +11650,7 @@ Entropy.14 = 5f72e390aa960846a0004d266e3741b6fe0aaac98d9d87b4cbaaa7a2af0d0bdf
+ Nonce.14 = 2074991cf0c22cd34b2de48ea1f9ec66
+ Output.14 = 7bf54b69e455c7941e8e24ef59b5525dc1ed3b7f934333713b9dc305dcae2cd1b74648149e04bb4f4e00b110926a6bfead7adef954b6d7e180ff820192677efa3c0c8af6a3e201d8d555cc599cdd2626d8778ea2c7a2a8e0c99e719929ae9ac4fb9a7e5176da8987508d1152909f456a4ce9461188e264cda1c879af1a8cca6c182e73c164986cbf07f441756791fa1fae40b784800335d94b0b54135831044bf0cb5dbb5c0c71de6b6ae33d6b87782d34be3cbc2991ad109d6c0440916d91baf96c4375ecdc9f09dca79671a45309c408062cd08ee623c8de007cda3b3d110425d7e8fee13b2a14215033d9ea2397cc6b5c995f37273a00dbcdf9437bc77857
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11705,6 +11731,7 @@ AdditionalInputA.14 = 97f8c1e98fd25289be846d80f667341a095dfbabd610c691ad6b2b901c
+ AdditionalInputB.14 = 136912d2805ab8ffcb4e7d6a81e37e14b7f7bb65dd0241d56f11d7c72dd5de1d
+ Output.14 = 2e1f4954107f3654f51024f032518ba91512c9d8005265ff35248487b8c87d8862b8caaae27898a22f9ba7a0297fc071ceb6a1612bb99c0f15210a11f5a0725158832996f15106a7c43a216f90501c0dfb36933be940a875d4f6b0e5c29edb01614a26cb3ff7b906762fd6435eb7cec8c88f5fd7c4d76fcb018c08987108117c95d4d35c1c59efc06358c7abe7a73012ae4440b2ec86c3664e5549b8b0a30d6c8538d6e5151f9c17f9ce026556508b8b3d926e4364839bb526a94c7d8abf4c1241cd844bc6227a01d024affaedd4701129fb0f9b5ae853c7085ca13ec78ffa3476ddb1c1e71942c351c3ce9a855ccfa4c3c7f92b59d5b67e8eab16b699b7ed5b
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11770,6 +11797,7 @@ Nonce.14 = fe9dfa1b683fa9cc70b7c7f8c81185b2
+ PersonalisationString.14 = 7e86cf4111fbea8fa9b180a1bd9ff3e9d233304b1d293adffa49ce8e77f400ab
+ Output.14 = ca0a6268d034f6817edcb6875b4754b5e9b2061ce0bc2bcd27c28065d8258b40ae63bf6d1e15521196da0afea8139c10d7bf3b54694a82d24476c578991fce1371e40b78087d95b1117650af7134567513a017353bb4af85cdc98db757cec9f92df42b7323b1e5d05387debb02750683a5553bdfb5f9fa34e14d29e09ad18bc6ef2380c173a19631abde085369ff47fa8b4fdfebe13b95b90c6f5841fe5aa6334edcfae26c13cc5d14d17a02d684b64bd55841831bde4c75de7d49bdc1a405d4e3e0d327bec44644e972349a49cbd48a4d3b8e984f5847ffeba950fff55bba9b287d51d8475f7799752208da31d91853fe6d04d97ea2a33d53b07a4fc787be2a
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11865,6 +11893,7 @@ AdditionalInputA.14 = 91e14e178a033e26e6f6a0b0f3890fa46f83731a14cf31445c51a92166
+ AdditionalInputB.14 = 20299371a1de6f994260d1c59c1d3f731d8f70fea6e9389b3ede54d47594414d
+ Output.14 = 1b4efcce136b40bdc792d1607d4ab4fadc10d5e2b22eacca6f412d3aa1c60320bf825778e7ff8296db9ea360e068350f90d7d4947dc9a2e2a4074653458784059ceebf2a97db0e4a29f7c6107783fa3683b6846b8c8ce7161082405643bb84d602c6c36ca79b2b6562417f0d15f46a4fbdc445d50935f49eedf01bb131d104385369fdf88d91518618134a37c5bf73140400cced73795910ad0d2a89db2d79355ecedbcdabf135219d2afd7ac28cd7e45c6fd4e913ce5d464fd6de6e4c62b76ff86c28b0ab27a3c2622cacec075c790a7ff2f57f99ccb89c590a1dfb5a1862200c9cdf97f94eef18ddc85cf9830be662cec1885a629a6603add9396fb26341d9
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11915,6 +11944,7 @@ Entropy.14 = c5ebb2ae08a03815e496c2db1e2a650b40893ea78fbd7ca8434edcde4432a43e
+ Nonce.14 = 0cede46aca7d2a60f2e98eb3c7d1dba7
+ Output.14 = 6d8eeb5ba130de7dca993b44b46e08894fd84ab8c347992aeeac56ce5fb5f435bba92f1129aaf9b3035aa117301a1289acc222cdac043dac58b62567102dd5a57483d79fd703e188a0fe47254bb20b361281b5b8cedded86ba9b6d86deb30e539eb7ee007131ab2af99408f38ec7fd66bec4f1ed71251c149dbf8393b6dbe96cdeb9a3b5ee065ec8636444e72339ed2cb27fbbe5421f7f141940d6fa1cf570b8dd0393625ae16b10df2f1f6fe35dba15a732357dcdf4f56abcbb47a4640dcef618e27d049e27f2af7b8634faad00280e004cfe3f52d63185eccd6c4937a026830c38e1ed6aa9bfeaf739416706f63bb8b1475ac25d734db28e39163aa0c69c52
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -11995,6 +12025,7 @@ AdditionalInputA.14 = def9d8f7b18023b69c6cd4121c0adbc2a89b3ca37333d4523261d5eb20
+ AdditionalInputB.14 = 06051dec796525094018b436605bd2ddd66359a2836a5996e8262bb7763fadc0
+ Output.14 = 29e8184e37a5c26670bdc95c842c602ed8b0cf102ca144133e8cc841e1dc32fd038a72c26b8be8a568db60a4cfbd52b0d8b74cdf180a4931d6dd19a255104db105b3366d75e8f6afd0e5fab4dc14f6deac82e7703eb6a61f22b79bdad8ac7fab95a58a71f80fa510542615c305f7cbf84790060f17e7d78ab5d4b0ca34fad47133a0627b803c1caee3b97fe47626a8590672e2211f39cbe1b79d1999fb772b884122c8e50c59fdd3de13a53e805f40f8aa35501571a4c4cce79a8f738e60a43a11afdbed94e26f474ba5cd6ff5cdaf00d0fb84109aeb3510f1ea576c70ae78cdd0415a0521f3ff4083f9160011dcd6e2802cfbbbdfe9c4a3b114dd47b3a6cddb
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -12060,6 +12091,7 @@ Nonce.14 = 7b9a876017e5e14bd6a19719c73035da
+ PersonalisationString.14 = eb97028b093f820b182384baafa56ecf196dc11ebc515a405ac24f73e465ae9a
+ Output.14 = 3791ee66e505257b0bebc4319897e80ea8a70577b8a85d809cc7e4c77a458e8517368e2eaa7c0623b91ab3ebc4de3240e00e5f0cd20524d73b8000f00a3cecf869bee26763db9689dfaad9b5f21e3975f750e0c6b694d7df35fea26b2ff3c2bc679b5ecaf129320dde8245677aab9fb54b8faa97d394adae687a35b00f026430ef29bc7226957dac5edbc4a70dc82fcac00bf89d97e11d2a3e6ecfc4af4536c329ed3f4dda201db47236b03f30daf71e6368a18ab6224a023fca2ead589d9ea165d66fbce2b37a630d18ef1c97a619cd8949f16f44a9bc0f5837737d7fa4355587af5ab452f53fb82dd8b8b4706cf04e77938d7e0c3a9744c353edd0c6931591
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -31145,6 +31177,7 @@ Output.14 = 01f11971835819c1148aa079eea09fd5b1aa3ac6ba557ae3317b1a33f4505174cf9d
+
+ Title = Hash DRBG No Reseed Tests (from NIST test vectors)
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31195,6 +31228,7 @@ Entropy.14 = 6fe9597b59903b1af4012a15368af7b1
+ Nonce.14 = fd3e84b3a96caaff
+ Output.14 = 1eee4c786476d488e58d0e065bb025db548787fafbe757f29ee2bd4781cf69216091ba2b68919b54ad3070ac72a2342320eb1e697b9115acbe07e194d060562e4d0fd966ab29e2c5e560574b2dac04ce
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31275,6 +31309,7 @@ AdditionalInputA.14 = 93dc424bd0d266879601745a23317141
+ AdditionalInputB.14 = a17321015d327c5dc0bc1e130aad81ee
+ Output.14 = f682834b5b492e09ff8e0f2c80683b032a3b262d16bc609c550dc0e74a4b7d8ebc0e3b8f2c9970d90aec9a82497dded20422b17b9e3cc3bca771cbe717ddaed5a7a6ae2601c7f765eaa719b71624e83b
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31340,6 +31375,7 @@ Nonce.14 = fa9adae924417150
+ PersonalisationString.14 = dbad22c389c527715d21a5bdf38c1fad
+ Output.14 = a18d57e672218956e6c8cb9901d02888f3587177c3e11e1a99ea72370347b953a9f122c9446dfa109723b27f36fbf15edf103a56741c24968592479cfe30bc0053fa7b9818e9debcc494db64d15d038b
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31435,6 +31471,7 @@ AdditionalInputA.14 = e488e16f48c61dd2152afe925eceee92
+ AdditionalInputB.14 = 12c692abd90ab485f4d9499680a6893f
+ Output.14 = 8ba04617a135d8abe0c3c0a170e7472e7ed750eac706e5c3ed8305d6f6f8a1a53e0c52d4853b21ab8951e80970b426008ae11952ff364817b6856ef0810860dc65faea487b5d7c3f3d63fd443756d2a8
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31485,6 +31522,7 @@ Entropy.14 = ceb354444d1a29c0c3e8a1cc24d02846
+ Nonce.14 = 86d3fd9fc51f8b19
+ Output.14 = 6f90ad611987a37bac54bea0782ac78215b7d17ecdd3991a81a36d0e263c6f0dda2c102cfba56b26c7b74b5dd2548be9bc81c7958e9d19821583c6f388132b9e19ae7609add9a296c1e92d66a2ef5464
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31565,6 +31603,7 @@ AdditionalInputA.14 = 32d09b604a65dc8daa35cdc34141b751
+ AdditionalInputB.14 = b8186a294c7824b7c550c1054badec00
+ Output.14 = ae9a091cfafbf0e74c2be8ad4b984e824a24e65ba7610b0f3ab1750e2f12de1620db6bb8c493b3d8b06ab78e69cf2dffd73d4322a67ee7725aad84fb458b8f26cf04846850202e53c874213221e761e5
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31630,6 +31669,7 @@ Nonce.14 = 8368ee0e29d35c67
+ PersonalisationString.14 = f189a80d5619f53cce878ed57522a468
+ Output.14 = aeac5933065c33ce2ace2531a193e367f73c83fc328f61ee2627f6f3841914c6b8a3ff767f96b3c3b685bac931af9ec10c6f3efe25b5109bb647b120e3a3f6971a4ec41f4ef0c7a900fdb09d7ff3b247
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31725,6 +31765,7 @@ AdditionalInputA.14 = af578fbbb8a830947e9b4e2c9e729336
+ AdditionalInputB.14 = 5a69864ca39da1ba4719dfe1dc850a4a
+ Output.14 = 8b846f03cb66f7e49fdddf7cc449a5f3f6ccdc17ae7e2265a5d0e39ea10fc3e6cffefc04147b773a1584e429fe99e885f278aff74a49d8c842e7ccd870f1330692fc9c4836dac5046c544be74652da26
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31775,6 +31816,7 @@ Entropy.14 = b7ddb82f5664834b4fb17778d22e62f2
+ Nonce.14 = 52461924becab175
+ Output.14 = 8735d06e26814ee54b5daca4e1da3e321a5a19b062ec0c3afbe3b16f23332a687fadb29e65208130c3d667c075660ff70aea96430fee254c472686b8e82ca359a57bbdc3004bb3eb641c1f97e4b19e02
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31855,6 +31897,7 @@ AdditionalInputA.14 = 7725ef70592c362d70b088ed639f9d9b
+ AdditionalInputB.14 = 5ab2e0067c3b384e55a78492f0f6ed44
+ Output.14 = ca095da39d9c21d7da073d9c95d2e415503b33c327d739f1838bbea4fc6f0254fdaf8ef6152e9263f46b864f39c7104d1d337d99fee588061152e623d7e00a27e03b5d16fe6e543453a31d4dafeda3b5
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -31920,6 +31963,7 @@ Nonce.14 = 4e838a124e4b53df
+ PersonalisationString.14 = 163e393b290a4d390ab0beb392f52d26
+ Output.14 = 76234afc296ea36a44254f999ac31fca258a24427cf4bfe2c54495fc41478ec4a00b540659b3b9461cc6188bc1f57c19ae414bd18aa81eca7b9d765a784f0ef24335e46c2c77b8dc915f5d12c26bc653
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -32015,6 +32059,7 @@ AdditionalInputA.14 = 27486f8dae1b36462639ff7eee869a29
+ AdditionalInputB.14 = d1bfc7eabd8eddf622297012169f351b
+ Output.14 = 4c893c3d1ed3a190fa88e159d6c99f26a02fb5fccb98bdef9fe43f1f492f490109224ba6c317db9569f618984409f2fb3db0b1e2cd4b95746f159cca76f1204f6d2a4c455c547a39a5f79fec95c8f4cd
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -32065,6 +32110,7 @@ Entropy.14 = f484b922f492d19b58407c242ab90e76
+ Nonce.14 = 8952a0a4b666b0c8
+ Output.14 = 2d77235fa273cab3c1bb176d44817cc25300b3f0172a0b5aaa66b282c015d426edec5f1ebbfc0269956b85994167992a71002586923ea234be6c5df09f47d89132e440827b89f7ff97e032b3f74fe32f
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -32145,6 +32191,7 @@ AdditionalInputA.14 = 9e3ea6eac120d663e330d282ca9b9d7c
+ AdditionalInputB.14 = b8d71fce7779a9906b9790cd1d4e48d5
+ Output.14 = 63d28a300a329ca202b98498c9f46912620bc85c246f034dca4186cd9b0e0810a363785878effde90aec8cb584862524eebf940c44fed21cb580d4115f3e0dda07e0e4a66689c2ff3e9b87edfaa4d051
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -32210,6 +32257,7 @@ Nonce.14 = 7239f92b63fb3dbe
+ PersonalisationString.14 = 8d2e2ca3985bd2538a71f02cc3eb5568
+ Output.14 = 0e4cb328c03faaedbec7215725851069bceae4332de6a70e3521dd065f2f7923485969571ebd7f24be460fd901c6b3e356da6ee5262ef2d76ad14eb0f697f8fb92af2f46630198c5f7018860886147b3
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -33481,6 +33529,7 @@ AdditionalInputA.14 = e5c633ca50dcd83e0a34d397df53f6d7a6f7170a3f81f0e6
+ AdditionalInputB.14 = 5f0beb5a2d2968e83ba87c92bfa420fd6e8526fbbfdea128
+ Output.14 = 8bec11df1022aa50d95daeaf23d78d6ee45c43c5768b90181e106c7df8ff333d7cb87ca1ab83f8742370db1c8c0c0c22f141ff4de33ae8bdb14fee7e6c069819320629c66d94c7c97ff52930a3c1dcd501b60f0f84bda4720ee187ae858a6e068326eda5809716e366d1b608c61b0100
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -33531,6 +33580,7 @@ Entropy.14 = 1194beb668839c47c73e7516f9ba09d23dec3553b3b5532f75b260106dcc2abf
+ Nonce.14 = 3c8a77351e93065d584feeb08c8424a9
+ Output.14 = fabd48bfcdd07968239fe538c2d8c9bde2e257b9b244078f39287c7ee90de167fff56a693c4e64f45081635511b5fd031c0270a31b4a014e44c0516a55ae72345aa11dffcda4ccf8cda50f6948d5ae425d8d53ad5c74cef1364277990156796e1c5dfa1ef095c0d8983477eb24241135760b02c86c86d4ec3627edac8c1a7e32
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -33611,6 +33661,7 @@ AdditionalInputA.14 = 626385595bef7103af0af700e1df048d7572286af709289b7894d2ab09
+ AdditionalInputB.14 = bfe8946dbf27d3a2127ec600351c3920d2531eb9419408233e0a888059b5eb68
+ Output.14 = ee6d07661828213e6453d94faaf76345c70949eca4965714c350313b0bcd8e079e6a07f8b2f7a91bcb7ef39a61568fd1c40ab78f154b3582f830095d571de29f81f9565e46b560d34c32bff55341a991f8e863bd9242c7cdd366be12538bb6922f1abfa19e7998aac61d465fc46538ee9142acc66786f4516ef4105fe1d80372
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -33676,6 +33727,7 @@ Nonce.14 = de2186bafa82b0d08a0b8215e3424512
+ PersonalisationString.14 = d96db27febe22db935b117dc3068374e39c5b2119b497e3c1d858ef649e01de5
+ Output.14 = d04435a8aab397cfcee5151f7aa24298ffc6eee4f577cda42d5e154b8d28cb2f0f945f11a15ed5b76486c88f03081cfd262d94a8e0b332e3c9c608461dcc8eba20d7db209810d25c226fda9fe218022a9b2c96876cb16c06c0553dd84ce57e20338c3d3e03c59ce22e668e25c2c50d5cc9afab91f50a28680964c2dacb9d2fb3
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -33771,6 +33823,7 @@ AdditionalInputA.14 = 5d9446eff72d59529a90b498d8f40983b3b2904f63664fc0aa1de8700d
+ AdditionalInputB.14 = e19707aafa391e8622539d52a05d930292bd0f7c17825dbed5fb7a2f8734081b
+ Output.14 = 6ce2ae37349cbef9ebd1f9b85485810a22d430d94abf66912dd7b6cc751400e777be2f1cebc19d65694a456b2c6429cefd95eb934030846708d50be3b274c2f7de299f3c311038491f271448c7d02ff51de048fa1184e8ee06b7b46a9f123daecbebae4a2183dc8eb6976abf0dae7cdbea6017cd1500f37dfadcce0c1956ea87
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -33821,6 +33874,7 @@ Entropy.14 = a7a1dbf7f828555610197e71e0ad563b8691589c5289ced03e9ef83b6f9ff938
+ Nonce.14 = 4274788c5d80e26ec1ac3a57b9c7c0df
+ Output.14 = 5a907a26c1ef588219d4c69fcf4c5c283ab148a77588a40b323bd24e6dfb29551c4b6116c4d61349f5f8bd9ed497f38b239c37283902beb3c9700c768fa289ee4573f92316efb860a5ca4267b328f03c13138b774b4b9f7516003a699f7a0854a0efb045a5932753a771c2cc6119202b33336f10edb715bcce1d20ff503dda01
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -33901,6 +33955,7 @@ AdditionalInputA.14 = de1bbca12357943b4489cc7209b3f063b51b91acc168ec5e0ad88048b6
+ AdditionalInputB.14 = 6ddd9aba4f100ef902ba50adee53ef44a4f45564c13e774e69557e36a357e7cf
+ Output.14 = 544ec80a966644454886fb97a0f05eb6a4a25fcbce795b5e5b27ee06ba14b7de18dbf54f80a670b87c76c336ac9af16c8958ad6c1bde9a97aa4c1ab5823d24a53c64f6766ce6eb9b7085cf7282499c37fc1e2e825f53bc357bf36d5901e0ae93cd3bd821fa18b5aa17548560f7ad6ef38124814fccf9b2b89de61cfc27c7269b
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -33966,6 +34021,7 @@ Nonce.14 = ab7843b73ecb4858f2cc5e9dfca803ef
+ PersonalisationString.14 = dee559515084d8ac49c3803f09f3d5fed3b307946a2752c267677f22786a0125
+ Output.14 = a12f5e8ea3bb174934c15e5d114ba615da33210c98c38d7fde4b5aef9aecdeaef311d929d7fece7fee11db67134c3326b413b8dc17766ba4fb881105db68688b148fd95d812f6538b14f25afaae84d39025336136d270bd643f2a6c7164930372fb1c8f4f0dab60283e9d8d3440ce8dc66761c5d5c4c13cc3a367feb4869b559
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -34061,6 +34117,7 @@ AdditionalInputA.14 = ead8c0dcf4ddc909aab96eadab509a46908ee5f090983af609f08d8a8b
+ AdditionalInputB.14 = f357bda8f2048929a4e31969ec978cc333d58b4fc09a8aa1b73ec9bdfaa1a8f6
+ Output.14 = 901aabb3f065be08e2f8072d5d3ffcb28ab291420644e407e7a6a3346b75a5be535bdbdd5a8245998689450292df877233ef0783e0bd1765413193790995d884ffcb2c8dc35fe4cfc12def2f091866d735b1dcfc9d8d8c26903d50e9397b1bbd674bb81fc908361b2bddb68f02031d87588cc3e94210422674e93fea6a5329af
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -34111,6 +34168,7 @@ Entropy.14 = dfa94c198483c5daa046f1dd1e4e83f854fd6c5cbc3465f671bdfd36837779ab
+ Nonce.14 = 298de64bbd817d009a71c1424ae839f9
+ Output.14 = bfb9a54ce31406a82608aebc826441f8f633813a0c3bad723b802f3e905a6ee3512ff3513062aea51f93be17aebf1cfcd81868e85db3db9aa98680f974001fda8fe6a644f5efbb9d6e52e99ff606ef1ed7cd3b17fa6c6844790ed58da6df61aba0c200d7dff943588f4520891798098bddc65797b2f99c05efa090c60dc48a4e
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -34191,6 +34249,7 @@ AdditionalInputA.14 = 066b072d48f6cc6bb00273e0bc0ebc086235fe79af1fbdb46318f56c62
+ AdditionalInputB.14 = cfb58f59c6d56993b9f0b5ba1643554072cf4ae8013c236120044ae909083f5f
+ Output.14 = d5dd7f55ffa7d53fc0f679cddadeb869f39b29a6d394c9f1185b11ebefbcb43419c6a26ae3c9ab9d456e2cdba1aead05e67eabd3596526ee431ba7cab7f94838062fcec2363cf0e19849ffef30064263b3a059ce38aa02c2729bff5af9450e035161816724163906112205196c642bfd70f36abb4639fd6e4f7f6a879ebbcc62
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -34256,6 +34315,7 @@ Nonce.14 = ea7d3c3b8f6da0667d7f0d543c68d7d1
+ PersonalisationString.14 = 86c20a7e794c887898d5bc00e98398276a4e3ad8d674fb808a63a44330490d2b
+ Output.14 = ee8e21ff48af611a17d33e130f4e4224330efcc1402b6d55aaf1f514553b880f18df68c0e4279854eb2e9b904c552f69f0e1badc347ebe336b70456f221e07a2fc78df72551d99df3755997029ee1461e2b6e396370096d7e8c2dfceb73214a72ae2b25ccc60b92dd71988eda811ceac4b7c335528249aaf82826a14c142007c
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -34351,6 +34411,7 @@ AdditionalInputA.14 = ea12ddcafa4f578b8b43337508dd8627844d185b10af7de7e907d113c6
+ AdditionalInputB.14 = 0cc670275cd2b0eac5df123eb1fd73c2f2b093b76806943918cf49930fa97515
+ Output.14 = 88dc727007c0e03c8d27d00c87876f8990b271964a5275f636ecd7f18cac9c869e5f9df5fb2d34e7f89c2e9819af562a706a03d9be9318896f5ab16573aebbfd94a681cbf27e7202b8674437667893246c267785d0deca5033de88a61bf5158177391c2e3232ea6f812c468d5629ed9f89ad0bec0f6c7a469f56331f9eba1cd2
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -34401,6 +34462,7 @@ Entropy.14 = 6b9f904ac4b16d36e06a1bddc501d7ef98d5685c1ceadd0a6e1622e0c1e73716
+ Nonce.14 = 4a42f39e5a241a2b96db29055159c91f
+ Output.14 = 785014b0460831b7b67346c6997217b0f6c8e7313687ea6ff4d0b09a0786bd6ac362a0b1ddc6ab8c9c624625a379cbec7f11cf30ddab23cdec054b986175cdae0ca4ba4610e0711bc94e9ab706539d5fa2c1a4fd3cd49042696b58dce465f8e09a200e7d214cda357021c62248a01aeb95f8ffa8bd49d354fdccf4c71eec3491
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -34481,6 +34543,7 @@ AdditionalInputA.14 = 147d51711ae8a420f165db0000d9d0cb9e9cd5447311eed43d7cc9217d
+ AdditionalInputB.14 = 2910968bb1976a1b8ced116e673f408da6fc563695c918ac0a230b0bb800c707
+ Output.14 = 357a7269b30ca744e213d894f5c45d0db9fba897e0c863a56062f5018ad9be9f37b8d550014ed68f2c34bf5195c0b7460df171ff3bd4a590578670c92470d876c8de19d48a6d7fa15fc7996be78d3cc8a5c657439f4bb9865bd56e187d5df2531a405e3e0f4b87c611aa8e226b8b0266290f06f8062456a7a4bf0896e4ddd948
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -34546,6 +34609,7 @@ Nonce.14 = 66ad2a0d5de624f3d709cc95e5c99220
+ PersonalisationString.14 = 6f7f8f1ffdcf859adcf6020d5cffdd8e3e1bdcaef0b22e9e61384b888f1b3537
+ Output.14 = 1bc4cd76787f031df8e4f592f56a845f7d8aa200aca0b910e68f149cde112d0f1e127faa7fae25ca4299eacf9e49e132f3e4083f1c5fb0304b714f06cea122bc1392cbe18289d2411ae08642a9196b654a8b177c127b9215f9df815eceb254b8d9b4f632d25d123ceec686124e58b3606ff1ce51fce0752f42232c03694a1d8a
+
++Availablein = default
+ RAND = HASH-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -39331,6 +39395,7 @@ Output.14 = c731cc7b21c42730bd3cca61fc5250b507ad08b24ac471d526f2217f15dc4d1fea85
+
+ Title = HMAC DRBG No Reseed Tests (from NIST test vectors)
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -39381,6 +39446,7 @@ Entropy.14 = 5d80883ce24feb3911fdeb8e730f9588
+ Nonce.14 = 6a63c01478ecd62b
+ Output.14 = 9e351b853091add2047e9ea2da07d41fa4ace03db3d4a43217e802352f1c97382ed7afee5cb2cf5848a93ce0a25a28cdc8e96ccdf14875cb9f845790800d542bac81d0be53376385baa5e7cbe2c3b469
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -39461,6 +39527,7 @@ AdditionalInputA.14 = 7206a271499fb2ef9087fb8843b1ed64
+ AdditionalInputB.14 = f14b17febd813294b3c4b22b7bae71b0
+ Output.14 = 49c35814f44b54bf13f0db52bd8a7651d060ddae0b6dde8edbeb003dbc30a7ffea1ea5b08ebe1d50b52410b972bec51fd174190671eecae201568b73deb0454194ef5c7b57b13320a0ac4dd60c04ae3b
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -39526,6 +39593,7 @@ Nonce.14 = 296bfe331b6578e6
+ PersonalisationString.14 = 4fccbf2d3c73a8e1e92273a33e648eaa
+ Output.14 = 90dc6e1532022a9fe2161604fc79536b4afd9af06ab8adbb77f7490b355d0db3368d102d723a0d0f70d10475f9e99771fb774f7ad0ba7b5fe22a50bfda89e0215a014dc1f1605939590aa783360eb52e
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -39621,6 +39689,7 @@ AdditionalInputA.14 = 4de6c923346d7adc16bbe89b9a184a79
+ AdditionalInputB.14 = 9e9e3412635aec6fcfb9d00da0c49fb3
+ Output.14 = 48ac8646b334e7434e5f73d60a8f6741e472baabe525257b78151c20872f331c169abe25faf800991f3d0a45c65e71261be0c8e14a1a8a6df9c6a80834a4f2237e23abd750f845ccbb4a46250ab1bb63
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -39671,6 +39740,7 @@ Entropy.14 = f41d60edb7749acb68111045000ccef2
+ Nonce.14 = bb5fb8962ca3002f
+ Output.14 = 262821119be1ee0bceedc1bcfd04f7fa2e199b2a7522c4a3a98c4174e0ac4ddcf7323dee2fcf9fbd2fe26c4fad347f7199be105730441f042865aeef50b89c00aa661361b6a1f20849bc7c70aa294543
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -39751,6 +39821,7 @@ AdditionalInputA.14 = b4894bbb6435ffeb710bf5ae440bd744
+ AdditionalInputB.14 = 689fb48c27983ededdd56d5a6b2c0345
+ Output.14 = dfe8a9e17b938a1782fc3dba4f234dd9c9e36b67b28e1d901ca6b3628689aa4d2ae6b005ae3ce97e0d1e645da2710162294606ce51638b91e9c46d8f7f4f1a217e44c36b560f78b0541fececcf49b9b9
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -39816,6 +39887,7 @@ Nonce.14 = 3c9434b7d7e18472
+ PersonalisationString.14 = 55bfc33da17f712877829b7f8a134e55
+ Output.14 = 705950e4790ada95b99ace57e31115610ebc65d755fe587eae8fb1aeae463bea8b50a278f45e61d3433272ec31b0d48afcf219f5f4a0adb20537be9c7cb65911df28976aed4b4278cc524639a1ca5f40
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -39911,6 +39983,7 @@ AdditionalInputA.14 = 7ee4f3670c4671f128cbd743c408bdd1
+ AdditionalInputB.14 = 38f8003e8fb8c119534a2c3400a87f8d
+ Output.14 = fedbb1636b83c5cc5379c9aa4d1319df6d30770e469c2f7bd65b4b74d9bc880d520e11b2c3642a7c4cb6d6138d1d92f716317dd762c0a841e56e7e0226971a7f470e918d44b4f374f9e7e3b5209516d3
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -39961,6 +40034,7 @@ Entropy.14 = 5b6aaaf5c4e5acdacd2c0c14648eeb3f
+ Nonce.14 = 353cc1174da7f766
+ Output.14 = f7664dd99fb870dad1a45a4ddb870c9936fb42b3a063336e447f15703c5a95dd79eacd9f41cd0c1b4f2e1a45229aca140f463c1beab47aa0525e5bd6e1accf360bc8525430ba05fd14d1f008009fd586
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -40041,6 +40115,7 @@ AdditionalInputA.14 = 4eb5c1192fa86b355237b5a8bd43ebf9
+ AdditionalInputB.14 = 7323d1a6f983b7d16df6b0aa9d14adb4
+ Output.14 = cd41a0d7371b2eeb790fa8335660385c418ba84507ba94d1d1015b3353cdcad556993c19388461fd2cce38cc9fbc00e707b18dea9d712ac0616b443b23aee8131c295a1a741ffde36b2032bdb8ae2f6f
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -40106,6 +40181,7 @@ Nonce.14 = 9bee7502db25ae7f
+ PersonalisationString.14 = d0e8fa47aed6b67ca4e8e521f733921c
+ Output.14 = 3c649d295fd9b98082706f3f841f5275834143698c202da4c881c7d0a3c9995329a54d440fc4d21ab596e95e5b6651c6e7138b332c97ef771bc6e3b0b3fa09090ffb402ed1116d8395e5f1cfea3eae6b
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -40201,6 +40277,7 @@ AdditionalInputA.14 = d56ade0d74ea34577eb12a899d18d382
+ AdditionalInputB.14 = ea83bdba8490ffd136def5f7d9240c59
+ Output.14 = cd3d8174d8af97387ff02707d2757ce685ffb5d8dd91d95b8af4a3a757f9321b0e908096cd1321de0599640b7d81f43606b12e029ae158ed568ce1db429be75285c655e15f88da859f09b4cd843a0b61
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -40251,6 +40328,7 @@ Entropy.14 = 1c3fc8de26ddc78651c9c2e4ba874ee0
+ Nonce.14 = ca6a2d3cc5495dd0
+ Output.14 = d00ff8d3b8ca273cf7c3650e36c892018c0f765da45ab5b902c5accb30ffe01a99d3b86752195dc9aa1232fc852790ef51860fd114bdc78ae02acb5ab2021ec726829591d623b0b66329e641c1f915ce
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -40331,6 +40409,7 @@ AdditionalInputA.14 = b180d77e0ef217268d2d4dc9d4a9532f
+ AdditionalInputB.14 = b192957f3e98f7595768d00834eee1d9
+ Output.14 = 7d4791ccae7980ad19e5d8eb8932ea8ea1756710349ab8b771558cfe471a278dcc263b737486179a4ffad12d5311d23912c3a46f07152808d288be2dfd2b315fc4f6df6418029be52daed643dd3c6110
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -40396,6 +40475,7 @@ Nonce.14 = 84f7310a7ab653e6
+ PersonalisationString.14 = 0fb2233c2cea27d17b6dd93bc4621285
+ Output.14 = a2f373a523ac9f2524b059d0c23bcaa905e15948c7ebf71b6e82150aef562dae4003c1a8a3748cfd553d9a51a8f9450b9d569d96d897fed50eee23978e49b364c64db63fac9dc0fe9e8b58836aa04a74
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 0
+@@ -41667,6 +41747,7 @@ AdditionalInputA.14 = a58757b98280d90e84d6cf4e2fa89c01a9e6aad22d6cff0d
+ AdditionalInputB.14 = a3f5de1ec6d0ccd39fa153899f0c1a414106a2aa182acf31
+ Output.14 = b1797707f1217d81c8463b44957df350dd139073b056c50d1c912fa111f9cb488bfb7d2ec6faebd078171cd6b71171ae33698ff96c7225d7fd36ddcfeb2630464974d12b3e03877bc73ce1a2f89aea7ff7ddc8ac85708b35dd94d3972875e2d3e7237ec33871e99301202b52e2ff89db
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -41717,6 +41798,7 @@ Entropy.14 = 451ed024bc4b95f1025b14ec3616f5e42e80824541dc795a2f07500f92adc665
+ Nonce.14 = 2f28e6ee8de5879db1eccd58c994e5f0
+ Output.14 = 3fb637085ab75f4e95655faae95885166a5fbb423bb03dbf0543be063bcd48799c4f05d4e522634d9275fe02e1edd920e26d9accd43709cb0d8f6e50aa54a5f3bdd618be23cf73ef736ed0ef7524b0d14d5bef8c8aec1cf1ed3e1c38a808b35e61a44078127c7cb3a8fd7addfa50fcf3ff3bc6d6bc355d5436fe9b71eb44f7fd
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -41797,6 +41879,7 @@ AdditionalInputA.14 = 4f53db89b9ba7fc00767bc751fb8f3c103fe0f76acd6d5c7891ab15b2b
+ AdditionalInputB.14 = 582c2a7d34679088cca6bd28723c99aac07db46c332dc0153d1673256903b446
+ Output.14 = 6311f4c0c4cd1f86bd48349abb9eb930d4f63df5e5f7217d1d1b91a71d8a6938b0ad2b3e897bd7e3d8703db125fab30e03464fad41e5ddf5bf9aeeb5161b244468cfb26a9d956931a5412c97d64188b0da1bd907819c686f39af82e91cfeef0cbffb5d1e229e383bed26d06412988640706815a6e820796876f416653e464961
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -41862,6 +41945,7 @@ Nonce.14 = a59394e0af764e2f21cf751f623ffa6c
+ PersonalisationString.14 = eb8164b3bf6c1750a8de8528af16cffdf400856d82260acd5958894a98afeed5
+ Output.14 = fc5701b508f0264f4fdb88414768e1afb0a5b445400dcfdeddd0eba67b4fea8c056d79a69fd050759fb3d626b29adb8438326fd583f1ba0475ce7707bd294ab01743d077605866425b1cbd0f6c7bba972b30fbe9fce0a719b044fcc1394354895a9f8304a2b5101909808ddfdf66df6237142b6566588e4e1e8949b90c27fc1f
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -41957,6 +42041,7 @@ AdditionalInputA.14 = 288e948a551284eb3cb23e26299955c2fb8f063c132a92683c1615ecae
+ AdditionalInputB.14 = d975b22f79e34acf5db25a2a167ef60a10682dd9964e15533d75f7fa9efc5dcb
+ Output.14 = ee8d707eea9bc7080d58768c8c64a991606bb808600cafab834db8bc884f866941b4a7eb8d0334d876c0f1151bccc7ce8970593dad0c1809075ce6dbca54c4d4667227331eeac97f83ccb76901762f153c5e8562a8ccf12c8a1f2f480ec6f1975ac097a49770219107d4edea54fb5ee23a8403874929d073d7ef0526a647011a
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42007,6 +42092,7 @@ Entropy.14 = 17da1efd3e5250dfde3ef1683bd9cf4d4432a2f223399664f7645763bebd5ebd
+ Nonce.14 = 0b160c67b97d5302972b5c517bed5a7c
+ Output.14 = 859bab959dd16f2cddb05376b3d3e46cd13c191c18203bf3c0bbd5803cc559aacce48d88564166fd5f43c22d08cda1acd8004f36915739796a39ca96f8e7def14b58a8ee55ff72de7e2e2727389e027657447e32e47d4ea2f0fda48e86046d111cc334bebf4ee1019199c94fdb26169661cec0b0c47176cb5fb7aed8ad35afb1
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42087,6 +42173,7 @@ AdditionalInputA.14 = 50687524beffed38fe27963340483886645153311dbd4d10d86e7d6b26
+ AdditionalInputB.14 = 1e3ebe4a54c3092d540ad2898ec3be1af84a1d515c013632402ffdeede7caa8b
+ Output.14 = 007139a46072d9dbb6589b8ecf5f287d3aebb13b480ffcd6e95f0b2f916cd99e75f30a21971298257a80c17e9e41f8e0874dc9da8f6c18007a6e4cd5971df083ae62bb7b9f1bd4926f17e5574535f6009c0068b4ea3a50e2ba6c6aa6c7729fbe8ba58b4b795740ff6ae2f3d6fbe3e06828080cd1dcfb11771ec98ad9e0bac0b7
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42152,6 +42239,7 @@ Nonce.14 = 2b653a89e549e3b1ee7817f5864fa684
+ PersonalisationString.14 = 814146b3b340e042557b0e8482fcc496a14c02d89195782679172e99654991ed
+ Output.14 = 3ea100cf50c25d7b2ef286b5fa0720f344de2d568979e7349befa23589083e835205cdf6a4670722fff04260e54618c9c00af75cc26eee665b64e7e628ec4c56a8086dcd583681170f60d565bd97d0f416e4c231e281081b0fcd16c8db63ea9029abbfcb068bf57a36364aa9e27603f447adf337baa35f049a129abdc899f808
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42247,6 +42335,7 @@ AdditionalInputA.14 = 95f6df9905b652de6d08399f61956acf943fe412bc71de60d6b69881f8
+ AdditionalInputB.14 = 87b818568ed80f7c2e8f5b5d7be403f8badf9fa0e716aaf1d6409957b242aa07
+ Output.14 = 45b5182f313a26008bb4ab82f68a12e7c783c243ba1ac6d8bfaed44ddddb607f964ace9c3505d59ef5a3691143a4845491661a1dff8ac4de2e56b54e263ac3aef86966fd656b5a65d4f3b89731d50fa919663bd5691678ee5f8f499e84b1822bd0b91409b62cf98c176df7e812513f3252d25d15fe13ef9f253af477d16bcfcd
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42297,6 +42386,7 @@ Entropy.14 = 32695b2c55839eb3a048fabedcae1f23bf0c7206280ba4ba0d08b9bd9f119908
+ Nonce.14 = 01f2a4cf8a9311abe5ecf58d6661dc5a
+ Output.14 = 4a4f44f418d585e03f508f2ff05345abffeafd75f610a957be7f3ccaae31ba28e69bf8ae441a405fdbc0ee761e39c76b69062f5a3866fc296be1ad306e6584ab2d250d717605c70a17c46a298f714e4e820c85a1fb84f4d61b9857a40c2902193ad703c78635a2791abe6abca6124229ed75827135c27f1a04d244e1d73ff059
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42377,6 +42467,7 @@ AdditionalInputA.14 = 2e51dbbfda8c92f2c838bd85ca5dfd7f35504fae1ad438431b61c2f062
+ AdditionalInputB.14 = 00f507a359585778988b6bb6b91f23d4ab29d2adbe632e4cd4646c8cd5f1b76a
+ Output.14 = b7adbbf07414551464711ad9a718315b0587db2782d34179b70b4c0e323a91ad9de40933023e3a6be71cd50dc58953ad1bf66354bc45dcd9ea23682d487b43903a8f426182536e170af8b04460c586d8ca56e4c307ab7116d8130634dc9a58e1c3077bbddd6bd58c8a0fb9b18c4b839aacf5fcd711c611db120e6a605745e86a
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42442,6 +42533,7 @@ Nonce.14 = 3f9e88b93a6e69d070328c2c570c3be9
+ PersonalisationString.14 = bbe702bbd2265e73aa073f47ce55fb65902abbe51635b414df688c60868546e1
+ Output.14 = 0280555ba6b2379dce7cd56615d7d86feadb8ad995e2852a0607e663a34b1e0342c7bc649adcb204e271eeb87521591fad74b3bd841971cb100ae5f21599b732d8c5f9d578c1113da7034b580013720e62b1d013e28205d5024f8b1eb3219e6cf821792713354cf1349d32a64f32ecdbd7578c55e401fbea57f21ea3ebef0f9f
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42537,6 +42629,7 @@ AdditionalInputA.14 = 38684dfa6edbd61e464e49f7d01932802a5a5d824db6b1df6087e84a8e
+ AdditionalInputB.14 = 4949b08a12656c497cc6760791982c0d4e674b0f8a14be730a91689ee77e981a
+ Output.14 = fda39bf8dc1aa785422281dec946bad99d5ead17cac55d47bdb9bd0a80a72f3c611f92bcf29e3e45475426a7a9f139b755f332cf75035b047697f4131c9bbc9ee825ede9a743b14f02dea122194405864aa2b538ed5cdf40ecf81e02bed1556ce0e7974548f050b084b8f3626c0fb2c7272d42cdcb039af4c7d957e285b53b5b
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42587,6 +42680,7 @@ Entropy.14 = 1006646f977b83f4d90870f24b3b72d0b4947037f7671a64ce3b52829506a519
+ Nonce.14 = 5698d50f59c42b26339d218fc985a41d
+ Output.14 = 44ab1d22fd3a84f8847c33d0fb0aea66408d5181b8ea95416beddd9784d86d72d2851857b503253016036246cea11f2ad2bd18fe56508697a50b14e7c85bd9b002deadbce5ff9f72508b6ebce741dd7803a2d8633dbec235cccd37c089c9d747a52000ed4cc1dc8545ddb65e784a698bdc74a6ff4fd7b3dbed31a22f83b4fd8f
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42667,6 +42761,7 @@ AdditionalInputA.14 = 8d72118578abbd90ddbe6115ab10b499afa26c2360eaf6fa118ba590ac
+ AdditionalInputB.14 = 6ca4d45fcbd0c7e964557b2bd7622a528b4722335b47383f7bca004b7cd5cf04
+ Output.14 = 360d9ff3111c6b713fc641b571b582770991885f2fea806a485006a1b4f41ece4ce83dcabfd403edde77780c044c96e85ce5d1f1a368ad881a64be8c41e87f0a682ab67170ae05a24b08b4a9178d13ac9928ecb3b5e23e745d93aaa5f111c335c77cb9a5c3da8163cb428fef60da737b884105ae57616637b0e40bad9594bd51
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -42732,6 +42827,7 @@ Nonce.14 = 50f723edc4f658862758e149e7ae4f20
+ PersonalisationString.14 = 39d43e627ab7c7a6d12fce4cd8c001678bfadd9d07d4086674e5d8bdef4ac62e
+ Output.14 = 02e68bf3f78812aa270619b307dc0e57b05b8310084ecd1914a67d93b77127e0b3ec40e359adc451eac8788ac708fde70575fc1b9bbfd291bf5b8d7bda7bcc23a0271ba0bb0e6d617132399bd6cedf5a9a683ea98b3b0dd3bc6d811e4f66c9ec751012992cf54e3ce474e09b31ba9c01ea231d4fa8f09441e204c4d3285c78d0
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-256
+ PredictionResistance = 0
+@@ -44003,6 +44099,7 @@ AdditionalInputA.14 = 73cd5580972f69bb4b0d0cd8915a5b594c3a9fa40b82d6b37446dff4c0
+ AdditionalInputB.14 = 304c2001d8bfb9f1b23f3b336db9f5da17752cbaba782d8932d2641aab4c34b8
+ Output.14 = 5771705c788e15fd5f656d4b5555d532ee4c48453be651a69c30fa706abe7719d9842028c667fab59aab97fe64a6140baa5d42dbfb7ecd58f2ce557a7b8b2c01669232e0b8bb0ddc6ef8dbe627ec5b370ec74553640982a14bd38ad9824b9651b717f8e90f539c42d04f7cff648c38b26abf38dd2a777348a4c2872f6551ef0f9e148bec810025779e7cbe1055cb0250a764fca5a1feba53bba64b7ea0c4dd3d56a7e6b4f8a157264e6666d356fe5a7a29fde7f4391662c4e69f471c21c6beeb
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44053,6 +44150,7 @@ Entropy.14 = 2c13e44674e89aa105fc11b05e8526769a53ab0b4688f3d0d9cf23af4c8469bb
+ Nonce.14 = 700ac6a616c1d1bb7bd8ff7e96a4d250
+ Output.14 = f778161306fc5f1d9e649b2a26983f31266a84bc79dd1b0016c8de53706f9812c4cebdbde78a3592bc7752303154acd7f4d27c2d5751fc7b1fee62677a71fc90e259dfb4b6a9c372515fac6efe01958d199888c360504ffa4c7cf4517918c430f5640fedc738e0cc1fcec33945a34a62ca61a71a9067298d34ac4a93751ddcd9a0f142748a1f0a81a948c6c6a16179e70b6f13633fd03b838da20f81450b4fdc1752e98e71296f1941ca58e71b73ea93e99a98f58d0892fa16de6a16c602036ac857dd75f9ac2c9185932103db5430e80cde9131e814a0bf3f3e7a2200a7152424472fd27f791a854f29aecc448f8d3fca3f93290266df3193d9e13e08907ab2
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44133,6 +44231,7 @@ AdditionalInputA.14 = 6cfccdd8253cc5b284701ef8d16f8888f79100373a7df50f43a122591b
+ AdditionalInputB.14 = 5795ae5be47a7f793423820352505e3890bac3805c102020e48226deab70140a
+ Output.14 = 4a398c114f2e0ac330893d103b585cadcf9cd3b2ac7e46cde15b2f32cc4b9a7c7172b1a73f86d6d12d02973e561fa7f615e30195f7715022df75157f41dc7f9a50029350e308e3345c9ab2029bdc0f1b72c195db098c26c1ab1864224504c72f48a64d722e41b00707c7f2f6cdfe8634d06abe838c85b419c02bf419b88cde35324b1bfdaddff8b7e95f6af0e55b5ff3f5475feb354f2a7a490597b36080322265b213541682572616f3d3276c713a978259d607c6d69eec26d524ba38163a329103e39e3b0a8ec989eca74f287d6d39c7ceda4df8558faeb9d25149963430f33b108dc136a4f9bfa416b3ceaa6632cd5505fe14fb0d78cf15f2acfa03b9c307
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44198,6 +44297,7 @@ Nonce.14 = fff1f2e2ac117af8b2cb023f0dd6c6ea
+ PersonalisationString.14 = 0a4c2df69d6c69df0a9c58ab7c886ed9db294f5fe98eb066fde543b409ee91e0
+ Output.14 = ae35e947a538e7da73f944b4dea689c064b144b753fe597369e58ec4868099c0f000995949e82dc3e5c00555a2cfe48c8a87e87ae5e7402e2b1679e413cc556f08796269ef3ea83d6a49116349a31710964fb2f936cccf249472eab3267cc1ca0073ff4d964eefc82dd1559c3737661f8b206757a64c756680fb7ab6be8cb433b93f21a04c1e99c777ac26c1f34918794085ee593ca27ae991c53d141e52f90e7872bbb036dce78e6a33e2d638360f9c15d5746d6ff13c1bcdff1cd01749fa51c3c72e68c0ce57423d4915abe84c15cfb3301d0c3b8ffc6a1962c1fd981790fa2a3da60d70e8e8557e4b2e7458ad85f5141ad46e1db751893e8327c8197571e8
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44293,6 +44393,7 @@ AdditionalInputA.14 = 2b2dbe3834d8be93f1396b19be83bd96823dd82740da71c5eeb7b21865
+ AdditionalInputB.14 = 49c322fc1bec86d3e20628d9bdc1644e6f5e0237c7c694746bfee32a00145696
+ Output.14 = 9110cec7d07e6e32724bf043e73021b3ca0e4516b619d036ac9a00914e12f01ece71989f55c1caccd542c60a9cccffb91e203fd39dca2d92c8eb03ee7ee88abf21dc6891de326c3190f25ee9ab44ca72d178db0f846969465b25a07dcc83777e6b63a7f9f1a8246dd31ce50cd9eb70e6e383c9ad4dae19f7cec8bfe079b36d309c28b10161c28b8d66c357c7ee01f07403a596366725fd5bd3a5de3cb40dcf60aac10635615b866ae633fbdb7ece41695d533757d9d16c6d44fd170fae77c15b7426ed6ec8c9d6e9245cd5e19e8dc3c8c7e671007ce8454413bd07407e8a2248bee95a7669db6ee47377b4490a6251abb60cd4e2e404ab88aa4948e71ecec50c
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44343,6 +44444,7 @@ Entropy.14 = 1436be35237c34bac5b5b36b24c998380883fb52621daa420112cb57bc84745c
+ Nonce.14 = ed884f91a94c1b0a51f316df776283af
+ Output.14 = c74ce568f0c465e79ef3700857cc8857b74ec8c075cada3f2698ff69569318b130b5b079ac5b69814d057097b0a107a546b011db601b2f7aa1708effd6479f383d7d484a5df76b63f1419eb360991475b2cd97590a1887487a76cd6fde7764cba5f101e4614c635ba7b1e18724a0a8fb39ca0948bffc441b6aa0216cf3c28ae6c06a24ad1bbe68970e06884d3b68325a3d7c1dce9a2fe87d565dccdcee7c62ed32b577763f510f0029a99530209628359bedf4bbfed1a13c222692d8cae60ca736df834a6e316db27642ed5839d2e11716a5c06e8d067e8548d7ac0687da801d292e2a6f414d7470d2e72261188347878d18e00fab3d4c15cb4c4a73cf963437
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44423,6 +44525,7 @@ AdditionalInputA.14 = 48e994654ab1d109511a3b34f5fa9f12b8da17da510d7a71e3839ba86b
+ AdditionalInputB.14 = 949ee0617b277a3ddf4a51343104704775d91797be1826d78051496a87d9113d
+ Output.14 = c4bce916b00a8583ebe1e85feaa1f076315ec9433e18afa1252061a62fc7558491678cb31048e4b4551b697e8dcb58dff951337f0fb7a41546d9a7838a1da149cb44558d324eab9e7ae147e8ead666e3d4eabc9978626efc8710ba8b5eb485d5693e5d6cac36ddd3a1a878ffbc77e9ec5d333cdae2b5803dcbba70d4e0dc60366dae5cf25990f3ae6147c99ec6c998397a1ac02b1b6ef6867aa897ca90b7fb938e3ddeef57e40897a644a4f08e37c995210e00f07145d5b3620ce673072525f9f74adf79ad703c4a09adc6eadcf77e76c6b032270d4c68f01672decf9aa0e941086188304fc33a28f53bf121df747b7dfdc00ddfe68f6d06ab7e82295f70652e
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44488,6 +44591,7 @@ Nonce.14 = 70916df78dd9ea799230435b3e48686b
+ PersonalisationString.14 = bf755696adb9c92839798798f836b063cbbe987f0163ef3f4a97222c888f5da0
+ Output.14 = 411cd8e76e711447e8a93ca95aa3aac5e51f559d65a8385a15e71877ac8472a347d9d453bd6761655711ce2133900d28e41cfd1292d28848646e5cbdcac1e60e49e62aab169b1735e701e38d65ccc073f277972ca85444dea86c19c0c08317dbbeca4fbd5d4295c9da71b89623d0028cebf1ab68fd0aef5b37e76e2e0b3e7f72eee04c01b6afb180b1fa0c370975526b788ec4db076a16a798671451af3e20d323684e232a25d78aaa8ee43f734f1555bf0a324053c7c895dc3e098621e189962a914f486cd7a5ff330f39316afb762b1a06cf8b593ca00d7edf739e2e6827a7af662f33bb09fad09d6bdb3a565f2bd32512c79927d390c79a1cc6db968b13a0
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44583,6 +44687,7 @@ AdditionalInputA.14 = 6f9f47857a60b6f3f9fe9a83ebcec5f16ca73e236d2af5b0daab45c0b9
+ AdditionalInputB.14 = e6628fbe4a774bc5383218302b7c565da5a5bd9f19db6182b444af5ae5f62739
+ Output.14 = d701c1824a82ff1803c4b59f490c3f37850ce85b5905059ac4484f5049f31772ab8401bc9b8fc1fd6ca06d01f01caecb3cbd914ea9574f497df0316a0d56e2830c8a908ba78d1dbe243d0fbc560c407052ec02e9c77f7b12264a46316a777955ae87a71f2da9cef2811f6328ccb288343abb65a36359c07122cb4e6639397829c48dbf8a821ddf00ddec2f294e48d05adfd0f7a706bfc337387bb7923641d08c288d23ed5a2a20f34684549f9f6b3d74ac0f04e10c7dec04aceac369f505d7ccacdf30ea0662cbab001740922e9ac32b6968e0c5a640345d1132e883e07fc82858980489893d0e38960883e989c41e72ee967c00b9a943f0666d1f5e93e848ef
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44633,6 +44738,7 @@ Entropy.14 = f5ee32b61bd57a4a4d51309e846f636560a8bb2a576c65d37a3f715ff1878014
+ Nonce.14 = c638557dae4f9ab6e078c61d54d0f566
+ Output.14 = e929e6c5c4a629c49fbb8623aea903ea129bb6484ed542cf940dd97bedc292e8bce924ef0cc57fa9b50b17b82618a840375874735560aea57e4e9701e4ecd0e812d1bf9fdecf67f431e4d7f6f455dfe4bd3b9a1553c574b0bfbc933a31580319c97682dd990c7081b711c2fa67a4eb54472be39f634c5dd901848c012c309c43f34d189a72c219acf8ca393d3f2cb292d62bb4d5e88f2b6e5e0422dafeac17415af623473f26ec24e65082123db9b9c00dbce3ca1942269fdf66f14add6c486a00527a39b050c2f3a6bc461e750f6e33236de198742284998bff98b7b3f6566e66679b3d8a1e63561fb5f8228867b8ff92230a9f2a6b9427821b6d55a359994d
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44713,6 +44819,7 @@ AdditionalInputA.14 = db7b290176b65f826aac2190a912672f8a9c97815706af33732f68b1f7
+ AdditionalInputB.14 = 13425f17d8fbcca3b4d7793a53507a85813f6f50d3365d680c0620d5fe1bfc33
+ Output.14 = 12d4cfe6574dddbf9de82b8a357bbd6e32a3addb7022c313ac401d0aecfbdfbc7229822f7db9012e8bb0e2907fd48d3eb435ef8368802e5eb948f1bd8d47569b694e23979652f6978b568d7e2288b596afbc67b6c1e0d662240356dc6257d9d273a9ca9f7dfc9bd4175a50ad5b328056c37046e734a76384d7418591a7604f332a457f2fbb277dce4fd2729fdd1319dc3a56b9901a50dc90feaf5969cd9e450bd8716e44253ca55c4e1dcf791658cc467cfba613c27a96f67bd68dd8ccf46bbca4294a0f548b919626d1712ed4290ec90c1098a082699450738d32a8c6516d83bd54a42413bc0ea0b37fe5d6b0663806df67f61d2c553aba3aed3f9aff111d2d
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44778,6 +44885,7 @@ Nonce.14 = c600da30d68cddd9b823433845111880
+ PersonalisationString.14 = 8896ff67866ff1f59c8e5074d91e6b9112410c9b6a1eefbcf05a1b8c7123dc89
+ Output.14 = ad8150de910a0bbdad0a674d032919ac3304d5977fc43ad5d5b1fa9be46f22e94f5c2747db228315b0d0505867fd97f9b1582f97b4693ed542c416df1847a85bcd4ad07d6348a4df78412e3df4e675def7f44b1895a8a2156c811040a46198a863c0107aebc3a426b4c2b9ac294b227d323879a70cdf7ceeee7f6f51f102c3ba4ae9a7343aff295b664c869f2c2d6e4396362fdae7d9b5eb0802f37ff7a3a7f1c944044b1bd9b21fbf23f191c6f538398164c2d1b67390e7b059b1c9f5bb031b89a23895ac65770182c8072fb0ad4a7be055d9a4653d08e6b22a61ebdfb66adec2629030f47aca70a06d68c9e1c041ceb2dc9bcd1ceaf61655ef7bbb1653f3d6
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44873,6 +44981,7 @@ AdditionalInputA.14 = 4adc98c66aa72da2c63172aba2a6c59fb20aa7b195a0b79edc709bfa99
+ AdditionalInputB.14 = 83485ecbf938b8035d047956a3a1bea5adb66c4a7a24b21dfce4269681c31bae
+ Output.14 = 6c69a58a3b27c73ac396840a93ff914219fa80241d39d65890ea612017d7b92b12062fbc0e3c39508c86023f7d70e9b156b4a766465c01c554acd6b5d78568d2087834b3b14f3fdc4d4b959e78ae2fa5298c87321b777afaea4a5c271a584a23a262f8b679cc8198ccd116c88dcf529a6677ebf5189d287f56eb445ad7313acce013b3fe49fb5212cdc3cf8c5ed15aa26b1135d7d9e0570719c4230c104a652fb36ffc57e219e735c03346d18eb57bcba813965bcb39b6a81da624838ba7b9a65d3b684a021f4071c66ce705974f2bd0ce1ad6727136d77529e3b400db0d14ffeabbac877cdf6a38ca66d83492a90482343a5a427ae8b8f77a2f724aa30c11b9
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -44923,6 +45032,7 @@ Entropy.14 = 60da58990a377a615436ef43b1199f88c7a4629653dde2350a4c5115c42e52f6
+ Nonce.14 = 592033d0de138ae7082c03553e3bfdf9
+ Output.14 = 7a770dbe8e1d3af1dae5b93acd9e6f1748a4a6a88229a875d23b37665e0cc96d888dfdc428a32cab378a9ebe22409709cd9d11f0c751c08d98eeac13b6f76f0f51ccea254cae23177c3aa207c59b5ce221b93442d037256d553275a6c4b5c83c1fe555a630e37d8277e02c050c19e145a71ec98b96ae3ae44c9ff87c4501c1ff7fd5231510ac9df623b3fb178e147f07d1fe02b48e877cba89a822c91b5af56b71d60116c49f80d87656144854909a7d718b5aa8f071f18357c2c9f9b6c0fac3195040f26b86aa936fd35ff37287aa140cd01ca6c5e577d815790d6fcb1a57569d23e801e2eb2b669ae7cf17d87f9ee66e0b515bcab09087e111da199b6a15b2
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -45003,6 +45113,7 @@ AdditionalInputA.14 = 967911f9412d40f2c62e43f48ff965bb1579a2ace388c781e125fe70f4
+ AdditionalInputB.14 = 052c401de1053b8dea309196bb8e326d4b643371976d1ff6be0a6ea4ad27e5e9
+ Output.14 = f7e8cdc3f8d2796414b9c83486d746cb8b1675b37d0d7546392c59622c693045dbcb10e9343524a6e7a9cc757717af22ddb8127bcdfb29cb8da409bd69d42aed9708cb2f904dff562a695be004ab25d31b8485bdd677c96d156ce8037726519d1949cc15e91acfd1c7c0bd58058b72c7d340b2f0bb12115ef44af6d20ce5f429d681b614e06bcddbf8ba00b40732b4dd425d1a87b663afce0e9a87b942a543b055f00b2428de12464a1309fccd0a15d512691e3858666ea4dc6084283deb075877c0162dbaf8318c9cda01ca611d72fac0b386a753ef35f438757cdf732a61a1f6123d1de3f61eb072d022f56c679a86f7a05bd6fa420ba39ed2973d4007b9cc
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -45068,6 +45179,7 @@ Nonce.14 = 0a6bef6b736129740978e31c3fa279e8
+ PersonalisationString.14 = a5ca2491479bda16341b2c14339a5307fc2e2f5df4fa625e0ea351a95a14f588
+ Output.14 = df587647f8d440a6c8034e757cd47f28d0e58f8aad9a047cdc8a70a8b1cd0d8185240d47bc5d2f4657205ed218ec38307e68efad94714630cd490b939719a4a07ab994793112c021969a8c69872903315c74b00b677648673e5883b5f46e075550092914cfeab05454226ee3d2154698f368bfda0b8b99eff5d111c1649a0f7e67ec0f637c6d3466994d655066a95732590e521ca055b048dbafd219be1a04fcd047c3722c4adf29ebd8486e7171359292e11ac6b740b4d51093383d64d2a45e51115c689ae29357366f2013eb9b420c6bd069d22c2110182e842eccadae81797a5f57d9ff47311f094ea0a25d7e329fcccb93c28b92ed85ccc2d690a84f2b2a
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 0
+@@ -68233,6 +68345,7 @@ Output.14 = 6af689cec62a633492f6e24b754d38dd6ab0b556e91802d72f14dc8c0e9ff50df728
+
+ Title = HMAC DRBG Prediction Resistance Tests (from NIST test vectors)
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -68313,6 +68426,7 @@ EntropyPredictionResistanceA.14 = ae706e740dda50209b20acf90dfa8cec
+ EntropyPredictionResistanceB.14 = b4d4b4bc7cba4daa285ff88ce9e8d451
+ Output.14 = 74acba48f0216087f18042ff14101707c27d281e5ddbc19c722bec3f77bf17ca31239382f4fc1d4dd0f44c296bc2f10f74864951f7da19a23e3e598ac43fb8bbdd1fca8047b98689ef1c05bc81102bb5
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -68423,6 +68537,7 @@ AdditionalInputB.14 = ccdb3f7d7f6a4d169f5f2e24ec481fcb
+ EntropyPredictionResistanceB.14 = be4a2c87c875be0e1be01aadf2efeef6
+ Output.14 = bfcc8f2ece23d22545ec2176aabd083855923ca9a673b54b66a3e2562212aad3cc74c4c8976de259cc95a2f09a85b7acd1f18c343eff0368a80e73a547efdcd954816b38df1c19556d714897e317d69f
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -68518,6 +68633,7 @@ EntropyPredictionResistanceA.14 = f324c09f96434ceea7e756fc2f55a0b3
+ EntropyPredictionResistanceB.14 = f043b6e11fc2f671ec00f4d478b791c6
+ Output.14 = 40e87b822b1000441884a38b8776baa69fbea99962571e8a20d8af012d50c8c211860ad579869ec880320ea8057d5cb0de9496ec57d8b594ca8be5b94219eaa800af7205f8a83b66c87e0fee9aa9732f
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -68643,6 +68759,7 @@ AdditionalInputB.14 = 0d5a2183c9f9ca6941f6a617892f5e47
+ EntropyPredictionResistanceB.14 = 998f9cde45b1dc22db6d2d7bfd4f3930
+ Output.14 = 934fe82b0951b97dafc5ba16e87b0459691156b42ff2dbbbd8f6ed9b04be952af267c6a17fbfc86de91f9f07eed482a5362b176216a8963af485503ba93b2e82c03a3ee6225077d90cd961e24f6026f6
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -68723,6 +68840,7 @@ EntropyPredictionResistanceA.14 = 427b47ed008e489cfd06e1a6e0a9f07b
+ EntropyPredictionResistanceB.14 = e5ee8df96c0e929446502a4bbd23ab22
+ Output.14 = a544ea7c3362570f48a42635f4b79f615d11a5d8a480d85ac71e4be90074fbd5e2d368d00755e95a262d79ed262003d3e2a26f82c37d091ae763a01fba08c87b3ec0ce817bbab8d1905f91f021b7d7d0
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -68833,6 +68951,7 @@ AdditionalInputB.14 = 3e95f86a7168410eac0c84995c187fd9
+ EntropyPredictionResistanceB.14 = fd15dfdd8cfeeb7ce0c76f759dfd47df
+ Output.14 = 480d9cbbfa6c923866179318b293c52c9ad86c2ee27faa745873a77d0242afe669d1773fd9c17284097ee8e644aa054deefbb9c73732ba6b5004623df15edeb49ef2e1bc8dbe023f7104ea1395d9fd38
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -68928,6 +69047,7 @@ EntropyPredictionResistanceA.14 = 845decbe6e03e423b3660bfe7db383bf
+ EntropyPredictionResistanceB.14 = f4ee7409c076201255bc78ec82ca5530
+ Output.14 = ac57a08b77c528b834df2757069b6330f05a9196fbbb17300f9c31ef596f551ecc56fa3256c0ab1534df4955f2da1e8d98026b7c5e07290faa5131a95d0fa35a56b075752656ab61a74f889fbb735c58
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -69053,6 +69173,7 @@ AdditionalInputB.14 = 063e444dc2990f59e04839fd5e9eaeb6
+ EntropyPredictionResistanceB.14 = e059229538a827fe9b7e5caa44fb1e3d
+ Output.14 = 62efebd7730c6999fd052b98e2bf26eebc96b617a03fe2f1aa7ea3be1aea833f705a3ef3776adc7578f5bb6955a60853ef267fbc18aa3d57b8e0d9134c81e8ffadd0c66d385e5d535d74a615fa896757
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -69133,6 +69254,7 @@ EntropyPredictionResistanceA.14 = 74b72e7e1c5f16bf0389dafed9a86ae4
+ EntropyPredictionResistanceB.14 = adef9418a342b4717e93df6450429a38
+ Output.14 = eae51f34bfaa2970f41c3211ec228cfccc1d3c0fcc077d1d9ba159b3bac8685bc5783f61c67fdd4beca05dd4f14afcfc4d554ae75f73842637671102c3b81cabc9a0638cecad5a6615171be5265d5454
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -69243,6 +69365,7 @@ AdditionalInputB.14 = 696d9380b814b456ca59ed58ea765400
+ EntropyPredictionResistanceB.14 = d57fb196a634da13ba8695098ed79f9c
+ Output.14 = 069848aef419759b75896cd507a109f685228b5639470afeac0caa853f1c3dbe373f99db76bf06fe8bac356bedf6bf18787043970fb0a185c8a0a4d8482aa3059eeba0d244fc03c9b72857dc5188d44b
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -69338,6 +69461,7 @@ EntropyPredictionResistanceA.14 = 015ef1f359f60a391b3720d578731070
+ EntropyPredictionResistanceB.14 = 963736987090fe71e69b4a2480d9b314
+ Output.14 = c75a102bea830a8a58d9a9a43cb03b21aea75d8d2a08c37aaae9180a5e1c78e5700b20a5fe1c7ef0a7e3d2adcf539c4c1357946a328a057e719b97d802b586910f804c166d4884d8bbb3bbc03074c53a
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -69463,6 +69587,7 @@ AdditionalInputB.14 = e0b7ad60c542e6c2b324652fd2d7cdc6
+ EntropyPredictionResistanceB.14 = dc7ea852c3e5467977c7946e77223567
+ Output.14 = 0e2e5f47ca8ce1c7fdae1b49d6bc8594da1458eb8dfb35e0602d3812df7532cf6213eba8e75302444529565c40d23d0a336c4cadde37f0def2c3d412984360b65c668ef43263fada16b28860f6ee6ceb
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -69543,6 +69668,7 @@ EntropyPredictionResistanceA.14 = 4912a46c447c2de26dbbaec01817d2a6
+ EntropyPredictionResistanceB.14 = c182dc35363cd7e04394c28030e6d6b9
+ Output.14 = 976daafdf1dd5163e88a928d91933678cda9c8ef9a8251070ee8a6b42efda3c00a73303d0426da4a4af7c587174dce9936bfbb68a73979afee9f3a5b4fb4da2eb2b2f2f1c0948b63b45bf583412b2890
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -69653,6 +69779,7 @@ AdditionalInputB.14 = 8022a4985c745515682102a25b379301
+ EntropyPredictionResistanceB.14 = 8cc2d8a789d343547ee48869f57ae225
+ Output.14 = 5707c544445358767b1c4d6c319b6a8d9be38afbf945dd4e869e9136d63c9d74aa872139e8bdd374510ebcf8c36c39e45ff31596fa58721c2a089dea7b418b3f7a00d78c6ba531adbb59ae2ab44bb683
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -69748,6 +69875,7 @@ EntropyPredictionResistanceA.14 = 701b8e70583effd1c4e901c50966127e
+ EntropyPredictionResistanceB.14 = 40e9ad701b63ee7bd6132d7f056a1f09
+ Output.14 = a76b3e058ed1a8ca5860b15abe08a607894207d3d3be5bf6c3dc99c01523c85bf18927bc6d3f66cfef63a238aaef1ee87998100faabeef0d2518f3ccc0423d776a440ec9a87c5601fdf45c309c264dcd
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-1
+ PredictionResistance = 1
+@@ -76340,6 +76468,7 @@ EntropyPredictionResistanceA.14 = a918ec35414b0bf1d9ba3b80ef838e75b9504fb6b77e40
+ EntropyPredictionResistanceB.14 = c25de5d8b1f17acb7303c4a652ea1bcf284bfdc08a12c40ece16e3125fc8757e
+ Output.14 = a3072880e72e76ec1e467d7c4f4ab8013eca926c96f075a0a25f5550931f4d6b3aff2057ae6fc1382d579e8963ee24459d76d7414d250aaf5b302a539775862e26596176de2891589defa7aa66f763126c7fb7ced0fa80f3f5e1f0d15295e6025fad617e554838876c8c8efb4bef1e1227a1c967afe99540c1992328a70798167eaea5a768f1f4395178dc914cde01b8e6b98266a66c5c079e19e5d3b6599c6dec24e8e155b310164299d1b4d31ab2e0c3b917b0cb627a4cc19c86061c74c849aab764feacd33de7472b7c4e1403cb38f8f1c3062e75966b2e2c0b2d7d966271f3d180440aa2ed2194bbf7d8b9415a5c5bb7f3df7cf2d02740cd4366ee3781a9
+
++Availablein = default
+ RAND = HMAC-DRBG
+ Digest = SHA-512
+ PredictionResistance = 1
+--
+2.48.1
+
diff --git a/0030-FIPS-Remove-X9.31-padding-for-signatures.patch b/0030-FIPS-Remove-X9.31-padding-for-signatures.patch
new file mode 100644
index 0000000..52c053d
--- /dev/null
+++ b/0030-FIPS-Remove-X9.31-padding-for-signatures.patch
@@ -0,0 +1,271 @@
+From 647390b55cc97d4665cbfffb3a95b6ac7b3c9339 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:16 +0100
+Subject: [PATCH 30/49] FIPS: Remove X9.31 padding for signatures
+
+The current draft of FIPS 186-5 [1] no longer contains specifications
+for X9.31 signature padding. Instead, it contains the following
+information in Appendix E:
+
+> ANSI X9.31 was withdrawn, so X9.31 RSA signatures were removed from
+> this standard.
+
+Since this situation is unlikely to change in future revisions of the
+draft, and future FIPS 140-3 validations of the provider will require
+X9.31 to be disabled or marked as not approved with an explicit
+indicator, disallow this padding mode now.
+
+Remove the X9.31 tests from the acvp test, since they will always fail
+now.
+
+ [1]: https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5-draft.pdf
+
+Signed-off-by: Clemens Lang <cllang@redhat.com>
+
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ test/acvp_test.inc | 214 ---------------------------------------------
+ 1 file changed, 214 deletions(-)
+
+diff --git a/test/acvp_test.inc b/test/acvp_test.inc
+index 29317b47a4..31fa0eafc6 100644
+--- a/test/acvp_test.inc
++++ b/test/acvp_test.inc
+@@ -1354,13 +1354,6 @@ static const struct rsa_siggen_st rsa_siggen_data[] = {
+ ITM(rsa_siggen0_msg),
+ NO_PSS_SALT_LEN,
+ },
+- {
+- "x931",
+- 2048,
+- "SHA384",
+- ITM(rsa_siggen0_msg),
+- NO_PSS_SALT_LEN,
+- },
+ {
+ "pss",
+ 2048,
+@@ -1772,202 +1765,6 @@ static const unsigned char rsa_sigverpss_1_sig[] = {
+ 0xe9, 0x97, 0x20, 0x35, 0xf8, 0xf1, 0x78, 0xe1
+ };
+
+-static const unsigned char rsa_sigverx931_0_n[] = {
+- 0xa0, 0x16, 0x14, 0x80, 0x8b, 0x17, 0x2b, 0xad,
+- 0xd7, 0x07, 0x31, 0x6d, 0xfc, 0xba, 0x25, 0x83,
+- 0x09, 0xa0, 0xf7, 0x71, 0xc6, 0x06, 0x22, 0x87,
+- 0xd6, 0xbd, 0x13, 0xd9, 0xfe, 0x7c, 0xf7, 0xe6,
+- 0x48, 0xdb, 0x27, 0xd8, 0xa5, 0x49, 0x8e, 0x8c,
+- 0xea, 0xbe, 0xe0, 0x04, 0x6f, 0x3d, 0x3b, 0x73,
+- 0xdc, 0xc5, 0xd4, 0xdc, 0x85, 0xef, 0xea, 0x10,
+- 0x46, 0xf3, 0x88, 0xb9, 0x93, 0xbc, 0xa0, 0xb6,
+- 0x06, 0x02, 0x82, 0xb4, 0x2d, 0x54, 0xec, 0x79,
+- 0x50, 0x8a, 0xfc, 0xfa, 0x62, 0x45, 0xbb, 0xd7,
+- 0x26, 0xcd, 0x88, 0xfa, 0xe8, 0x0f, 0x26, 0x5b,
+- 0x1f, 0x21, 0x3f, 0x3b, 0x5d, 0x98, 0x3f, 0x02,
+- 0x8c, 0xa1, 0xbf, 0xc0, 0x70, 0x4d, 0xd1, 0x41,
+- 0xfd, 0xb9, 0x55, 0x12, 0x90, 0xc8, 0x6e, 0x0f,
+- 0x19, 0xa8, 0x5c, 0x31, 0xd6, 0x16, 0x0e, 0xdf,
+- 0x08, 0x84, 0xcd, 0x4b, 0xfd, 0x28, 0x8d, 0x7d,
+- 0x6e, 0xea, 0xc7, 0x95, 0x4a, 0xc3, 0x84, 0x54,
+- 0x7f, 0xb0, 0x20, 0x29, 0x96, 0x39, 0x4c, 0x3e,
+- 0x85, 0xec, 0x22, 0xdd, 0xb9, 0x14, 0xbb, 0x04,
+- 0x2f, 0x4c, 0x0c, 0xe3, 0xfa, 0xae, 0x47, 0x79,
+- 0x59, 0x8e, 0x4e, 0x7d, 0x4a, 0x17, 0xae, 0x16,
+- 0x38, 0x66, 0x4e, 0xff, 0x45, 0x7f, 0xac, 0x5e,
+- 0x75, 0x9f, 0x51, 0x18, 0xe6, 0xad, 0x6b, 0x8b,
+- 0x3d, 0x08, 0x4d, 0x9a, 0xd2, 0x11, 0xba, 0xa8,
+- 0xc3, 0xb5, 0x17, 0xb5, 0xdf, 0xe7, 0x39, 0x89,
+- 0x27, 0x7b, 0xeb, 0xf4, 0xe5, 0x7e, 0xa9, 0x7b,
+- 0x39, 0x40, 0x6f, 0xe4, 0x82, 0x14, 0x3d, 0x62,
+- 0xb6, 0xd4, 0x43, 0xd0, 0x0a, 0x2f, 0xc1, 0x73,
+- 0x3d, 0x99, 0x37, 0xbe, 0x62, 0x13, 0x6a, 0x8b,
+- 0xeb, 0xc5, 0x64, 0xd5, 0x2a, 0x8b, 0x4f, 0x7f,
+- 0x82, 0x48, 0x69, 0x3e, 0x08, 0x1b, 0xb5, 0x77,
+- 0xd3, 0xdc, 0x1b, 0x2c, 0xe5, 0x59, 0xf6, 0x33,
+- 0x47, 0xa0, 0x0f, 0xff, 0x8a, 0x6a, 0x1d, 0x66,
+- 0x24, 0x67, 0x36, 0x7d, 0x21, 0xda, 0xc1, 0xd4,
+- 0x11, 0x6c, 0xe8, 0x5f, 0xd7, 0x8a, 0x53, 0x5c,
+- 0xb2, 0xe2, 0xf9, 0x14, 0x29, 0x0f, 0xcf, 0x28,
+- 0x32, 0x4f, 0xc6, 0x17, 0xf6, 0xbc, 0x0e, 0xb8,
+- 0x99, 0x7c, 0x14, 0xa3, 0x40, 0x3f, 0xf3, 0xe4,
+- 0x31, 0xbe, 0x54, 0x64, 0x5a, 0xad, 0x1d, 0xb0,
+- 0x37, 0xcc, 0xd9, 0x0b, 0xa4, 0xbc, 0xe0, 0x07,
+- 0x37, 0xd1, 0xe1, 0x65, 0xc6, 0x53, 0xfe, 0x60,
+- 0x6a, 0x64, 0xa4, 0x01, 0x00, 0xf3, 0x5b, 0x9a,
+- 0x28, 0x61, 0xde, 0x7a, 0xd7, 0x0d, 0x56, 0x1e,
+- 0x4d, 0xa8, 0x6a, 0xb5, 0xf2, 0x86, 0x2a, 0x4e,
+- 0xaa, 0x37, 0x23, 0x5a, 0x3b, 0x69, 0x66, 0x81,
+- 0xc8, 0x8e, 0x1b, 0x31, 0x0f, 0x28, 0x31, 0x9a,
+- 0x2d, 0xe5, 0x79, 0xcc, 0xa4, 0xca, 0x60, 0x45,
+- 0xf7, 0x83, 0x73, 0x5a, 0x01, 0x29, 0xda, 0xf7,
+-
+-};
+-static const unsigned char rsa_sigverx931_0_e[] = {
+- 0x01, 0x00, 0x01,
+-};
+-static const unsigned char rsa_sigverx931_0_msg[] = {
+- 0x82, 0x2e, 0x41, 0x70, 0x9d, 0x1f, 0xe9, 0x47,
+- 0xec, 0xf1, 0x79, 0xcc, 0x05, 0xef, 0xdb, 0xcd,
+- 0xca, 0x8b, 0x8e, 0x61, 0x45, 0xad, 0xa6, 0xd9,
+- 0xd7, 0x4b, 0x15, 0xf4, 0x92, 0x3a, 0x2a, 0x52,
+- 0xe3, 0x44, 0x57, 0x2b, 0x74, 0x7a, 0x37, 0x41,
+- 0x50, 0xcb, 0xcf, 0x13, 0x49, 0xd6, 0x15, 0x54,
+- 0x97, 0xfd, 0xae, 0x9b, 0xc1, 0xbb, 0xfc, 0x5c,
+- 0xc1, 0x37, 0x58, 0x17, 0x63, 0x19, 0x9c, 0xcf,
+- 0xee, 0x9c, 0xe5, 0xbe, 0x06, 0xe4, 0x97, 0x47,
+- 0xd1, 0x93, 0xa1, 0x2c, 0x59, 0x97, 0x02, 0x01,
+- 0x31, 0x45, 0x8c, 0xe1, 0x5c, 0xac, 0xe7, 0x5f,
+- 0x6a, 0x23, 0xda, 0xbf, 0xe4, 0x25, 0xc6, 0x67,
+- 0xea, 0x5f, 0x73, 0x90, 0x1b, 0x06, 0x0f, 0x41,
+- 0xb5, 0x6e, 0x74, 0x7e, 0xfd, 0xd9, 0xaa, 0xbd,
+- 0xe2, 0x8d, 0xad, 0x99, 0xdd, 0x29, 0x70, 0xca,
+- 0x1b, 0x38, 0x21, 0x55, 0xde, 0x07, 0xaf, 0x00,
+-
+-};
+-static const unsigned char rsa_sigverx931_0_sig[] = {
+- 0x29, 0xa9, 0x3a, 0x8e, 0x9e, 0x90, 0x1b, 0xdb,
+- 0xaf, 0x0b, 0x47, 0x5b, 0xb5, 0xc3, 0x8c, 0xc3,
+- 0x70, 0xbe, 0x73, 0xf9, 0x65, 0x8e, 0xc6, 0x1e,
+- 0x95, 0x0b, 0xdb, 0x24, 0x76, 0x79, 0xf1, 0x00,
+- 0x71, 0xcd, 0xc5, 0x6a, 0x7b, 0xd2, 0x8b, 0x18,
+- 0xc4, 0xdd, 0xf1, 0x2a, 0x31, 0x04, 0x3f, 0xfc,
+- 0x36, 0x06, 0x20, 0x71, 0x3d, 0x62, 0xf2, 0xb5,
+- 0x79, 0x0a, 0xd5, 0xd2, 0x81, 0xf1, 0xb1, 0x4f,
+- 0x9a, 0x17, 0xe8, 0x67, 0x64, 0x48, 0x09, 0x75,
+- 0xff, 0x2d, 0xee, 0x36, 0xca, 0xca, 0x1d, 0x74,
+- 0x99, 0xbe, 0x5c, 0x94, 0x31, 0xcc, 0x12, 0xf4,
+- 0x59, 0x7e, 0x17, 0x00, 0x4f, 0x7b, 0xa4, 0xb1,
+- 0xda, 0xdb, 0x3e, 0xa4, 0x34, 0x10, 0x4a, 0x19,
+- 0x0a, 0xd2, 0xa7, 0xa0, 0xc5, 0xe6, 0xef, 0x82,
+- 0xd4, 0x2e, 0x21, 0xbe, 0x15, 0x73, 0xac, 0xef,
+- 0x05, 0xdb, 0x6a, 0x8a, 0x1a, 0xcb, 0x8e, 0xa5,
+- 0xee, 0xfb, 0x28, 0xbf, 0x96, 0xa4, 0x2b, 0xd2,
+- 0x85, 0x2b, 0x20, 0xc3, 0xaf, 0x9a, 0x32, 0x04,
+- 0xa0, 0x49, 0x24, 0x47, 0xd0, 0x09, 0xf7, 0xcf,
+- 0x73, 0xb6, 0xf6, 0x70, 0xda, 0x3b, 0xf8, 0x5a,
+- 0x28, 0x2e, 0x14, 0x6c, 0x52, 0xbd, 0x2a, 0x7c,
+- 0x8e, 0xc1, 0xa8, 0x0e, 0xb1, 0x1e, 0x6b, 0x8d,
+- 0x76, 0xea, 0x70, 0x81, 0xa0, 0x02, 0x63, 0x74,
+- 0xbc, 0x7e, 0xb9, 0xac, 0x0e, 0x7b, 0x1b, 0x75,
+- 0x82, 0xe2, 0x98, 0x4e, 0x24, 0x55, 0xd4, 0xbd,
+- 0x14, 0xde, 0x58, 0x56, 0x3a, 0x5d, 0x4e, 0x57,
+- 0x0d, 0x54, 0x74, 0xe8, 0x86, 0x8c, 0xcb, 0x07,
+- 0x9f, 0x0b, 0xfb, 0xc2, 0x08, 0x5c, 0xd7, 0x05,
+- 0x3b, 0xc8, 0xd2, 0x15, 0x68, 0x8f, 0x3d, 0x3c,
+- 0x4e, 0x85, 0xa9, 0x25, 0x6f, 0xf5, 0x2e, 0xca,
+- 0xca, 0xa8, 0x27, 0x89, 0x61, 0x4e, 0x1f, 0x57,
+- 0x2d, 0x99, 0x10, 0x3f, 0xbc, 0x9e, 0x96, 0x5e,
+- 0x2f, 0x0a, 0x25, 0xa7, 0x5c, 0xea, 0x65, 0x2a,
+- 0x22, 0x35, 0xa3, 0xf9, 0x13, 0x89, 0x05, 0x2e,
+- 0x19, 0x73, 0x1d, 0x70, 0x74, 0x98, 0x15, 0x4b,
+- 0xab, 0x56, 0x52, 0xe0, 0x01, 0x42, 0x95, 0x6a,
+- 0x46, 0x2c, 0x78, 0xff, 0x26, 0xbc, 0x48, 0x10,
+- 0x38, 0x25, 0xab, 0x32, 0x7c, 0x79, 0x7c, 0x5d,
+- 0x6f, 0x45, 0x54, 0x74, 0x2d, 0x93, 0x56, 0x52,
+- 0x11, 0x34, 0x1e, 0xe3, 0x4b, 0x6a, 0x17, 0x4f,
+- 0x37, 0x14, 0x75, 0xac, 0xa3, 0xa1, 0xca, 0xda,
+- 0x38, 0x06, 0xa9, 0x78, 0xb9, 0x5d, 0xd0, 0x59,
+- 0x1b, 0x5d, 0x1e, 0xc2, 0x0b, 0xfb, 0x39, 0x37,
+- 0x44, 0x85, 0xb6, 0x36, 0x06, 0x95, 0xbc, 0x15,
+- 0x35, 0xb9, 0xe6, 0x27, 0x42, 0xe3, 0xc8, 0xec,
+- 0x30, 0x37, 0x20, 0x26, 0x9a, 0x11, 0x61, 0xc0,
+- 0xdb, 0xb2, 0x5a, 0x26, 0x78, 0x27, 0xb9, 0x13,
+- 0xc9, 0x1a, 0xa7, 0x67, 0x93, 0xe8, 0xbe, 0xcb,
+-};
+-
+-#define rsa_sigverx931_1_n rsa_sigverx931_0_n
+-#define rsa_sigverx931_1_e rsa_sigverx931_0_e
+-static const unsigned char rsa_sigverx931_1_msg[] = {
+- 0x79, 0x02, 0xb9, 0xd2, 0x3e, 0x84, 0x02, 0xc8,
+- 0x2a, 0x94, 0x92, 0x14, 0x8d, 0xd5, 0xd3, 0x8d,
+- 0xb2, 0xf6, 0x00, 0x8b, 0x61, 0x2c, 0xd2, 0xf9,
+- 0xa8, 0xe0, 0x5d, 0xac, 0xdc, 0xa5, 0x34, 0xf3,
+- 0xda, 0x6c, 0xd4, 0x70, 0x92, 0xfb, 0x40, 0x26,
+- 0xc7, 0x9b, 0xe8, 0xd2, 0x10, 0x11, 0xcf, 0x7f,
+- 0x23, 0xd0, 0xed, 0x55, 0x52, 0x6d, 0xd3, 0xb2,
+- 0x56, 0x53, 0x8d, 0x7c, 0x4c, 0xb8, 0xcc, 0xb5,
+- 0xfd, 0xd0, 0x45, 0x4f, 0x62, 0x40, 0x54, 0x42,
+- 0x68, 0xd5, 0xe5, 0xdd, 0xf0, 0x76, 0x94, 0x59,
+- 0x1a, 0x57, 0x13, 0xb4, 0xc3, 0x70, 0xcc, 0xbd,
+- 0x4c, 0x2e, 0xc8, 0x6b, 0x9d, 0x68, 0xd0, 0x72,
+- 0x6a, 0x94, 0xd2, 0x18, 0xb5, 0x3b, 0x86, 0x45,
+- 0x95, 0xaa, 0x50, 0xda, 0x35, 0xeb, 0x69, 0x44,
+- 0x1f, 0xf3, 0x3a, 0x51, 0xbb, 0x1d, 0x08, 0x42,
+- 0x12, 0xd7, 0xd6, 0x21, 0xd8, 0x9b, 0x87, 0x55,
+-};
+-
+-static const unsigned char rsa_sigverx931_1_sig[] = {
+- 0x3b, 0xba, 0xb3, 0xb1, 0xb2, 0x6a, 0x29, 0xb5,
+- 0xf9, 0x94, 0xf1, 0x00, 0x5c, 0x16, 0x67, 0x67,
+- 0x73, 0xd3, 0xde, 0x7e, 0x07, 0xfa, 0xaa, 0x95,
+- 0xeb, 0x5a, 0x55, 0xdc, 0xb2, 0xa9, 0x70, 0x5a,
+- 0xee, 0x8f, 0x8d, 0x69, 0x85, 0x2b, 0x00, 0xe3,
+- 0xdc, 0xe2, 0x73, 0x9b, 0x68, 0xeb, 0x93, 0x69,
+- 0x08, 0x03, 0x17, 0xd6, 0x50, 0x21, 0x14, 0x23,
+- 0x8c, 0xe6, 0x54, 0x3a, 0xd9, 0xfc, 0x8b, 0x14,
+- 0x81, 0xb1, 0x8b, 0x9d, 0xd2, 0xbe, 0x58, 0x75,
+- 0x94, 0x74, 0x93, 0xc9, 0xbb, 0x4e, 0xf6, 0x1f,
+- 0x73, 0x7d, 0x1a, 0x5f, 0xbd, 0xbf, 0x59, 0x37,
+- 0x5b, 0x98, 0x54, 0xad, 0x3a, 0xef, 0xa0, 0xef,
+- 0xcb, 0xc3, 0xe8, 0x84, 0xd8, 0x3d, 0xf5, 0x60,
+- 0xb8, 0xc3, 0x8d, 0x1e, 0x78, 0xa0, 0x91, 0x94,
+- 0xb7, 0xd7, 0xb1, 0xd4, 0xe2, 0xee, 0x81, 0x93,
+- 0xfc, 0x41, 0xf0, 0x31, 0xbb, 0x03, 0x52, 0xde,
+- 0x80, 0x20, 0x3a, 0x68, 0xe6, 0xc5, 0x50, 0x1b,
+- 0x08, 0x3f, 0x40, 0xde, 0xb3, 0xe5, 0x81, 0x99,
+- 0x7f, 0xdb, 0xb6, 0x5d, 0x61, 0x27, 0xd4, 0xfb,
+- 0xcd, 0xc5, 0x7a, 0xea, 0xde, 0x7a, 0x66, 0xef,
+- 0x55, 0x3f, 0x85, 0xea, 0x84, 0xc5, 0x0a, 0xf6,
+- 0x3c, 0x40, 0x38, 0xf7, 0x6c, 0x66, 0xe5, 0xbe,
+- 0x61, 0x41, 0xd3, 0xb1, 0x08, 0xe1, 0xb4, 0xf9,
+- 0x6e, 0xf6, 0x0e, 0x4a, 0x72, 0x6c, 0x61, 0x63,
+- 0x3e, 0x41, 0x33, 0x94, 0xd6, 0x27, 0xa4, 0xd9,
+- 0x3a, 0x20, 0x2b, 0x39, 0xea, 0xe5, 0x82, 0x48,
+- 0xd6, 0x5b, 0x58, 0x85, 0x44, 0xb0, 0xd2, 0xfd,
+- 0xfb, 0x3e, 0xeb, 0x78, 0xac, 0xbc, 0xba, 0x16,
+- 0x92, 0x0e, 0x20, 0xc1, 0xb2, 0xd1, 0x92, 0xa8,
+- 0x00, 0x88, 0xc0, 0x41, 0x46, 0x38, 0xb6, 0x54,
+- 0x70, 0x0c, 0x00, 0x62, 0x97, 0x6a, 0x8e, 0x66,
+- 0x5a, 0xa1, 0x6c, 0xf7, 0x6d, 0xc2, 0x27, 0x56,
+- 0x60, 0x5b, 0x0c, 0x52, 0xac, 0x5c, 0xae, 0x99,
+- 0x55, 0x11, 0x62, 0x52, 0x09, 0x48, 0x53, 0x90,
+- 0x3c, 0x0b, 0xd4, 0xdc, 0x7b, 0xe3, 0x4c, 0xe3,
+- 0xa8, 0x6d, 0xc5, 0xdf, 0xc1, 0x5c, 0x59, 0x25,
+- 0x99, 0x30, 0xde, 0x57, 0x6a, 0x84, 0x25, 0x34,
+- 0x3e, 0x64, 0x11, 0xdb, 0x7a, 0x82, 0x8e, 0x70,
+- 0xd2, 0x5c, 0x0e, 0x81, 0xa0, 0x24, 0x53, 0x75,
+- 0x98, 0xd6, 0x10, 0x01, 0x6a, 0x14, 0xed, 0xc3,
+- 0x6f, 0xc4, 0x18, 0xb8, 0xd2, 0x9f, 0x59, 0x53,
+- 0x81, 0x3a, 0x86, 0x31, 0xfc, 0x9e, 0xbf, 0x6c,
+- 0x52, 0x93, 0x86, 0x9c, 0xaa, 0x6c, 0x6f, 0x07,
+- 0x8a, 0x40, 0x33, 0x64, 0xb2, 0x70, 0x48, 0x85,
+- 0x05, 0x59, 0x65, 0x2d, 0x6b, 0x9a, 0xad, 0xab,
+- 0x20, 0x7e, 0x02, 0x6d, 0xde, 0xcf, 0x22, 0x0b,
+- 0xea, 0x6e, 0xbd, 0x1c, 0x39, 0x3a, 0xfd, 0xa4,
+- 0xde, 0x54, 0xae, 0xde, 0x5e, 0xf7, 0xb0, 0x6d,
+-};
+-
+ static const struct rsa_sigver_st rsa_sigver_data[] = {
+ {
+ "pkcs1", /* pkcs1v1.5 */
+@@ -1991,17 +1788,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = {
+ NO_PSS_SALT_LEN,
+ FAIL
+ },
+- {
+- "x931",
+- 3072,
+- "SHA256",
+- ITM(rsa_sigverx931_1_msg),
+- ITM(rsa_sigverx931_1_n),
+- ITM(rsa_sigverx931_1_e),
+- ITM(rsa_sigverx931_1_sig),
+- NO_PSS_SALT_LEN,
+- FAIL
+- },
+ {
+ "pss",
+ 4096,
+--
+2.48.1
+
diff --git a/0031-FIPS-Set-minimum-password-length-for-pbkdf2.patch b/0031-FIPS-Set-minimum-password-length-for-pbkdf2.patch
new file mode 100644
index 0000000..0a5eeca
--- /dev/null
+++ b/0031-FIPS-Set-minimum-password-length-for-pbkdf2.patch
@@ -0,0 +1,121 @@
+From 988a9bb3e0ab98f8ca8c10a3f9758b07746f40a2 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 31/49] FIPS: Set minimum password length for pbkdf2
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The Implementation Guidance for FIPS 140-3 says in section D.N
+"Password-Based Key Derivation for Storage Applications" that "the
+vendor shall document in the module’s Security Policy the length of
+a password/passphrase used in key derivation and establish an upper
+bound for the probability of having this parameter guessed at random.
+This probability shall take into account not only the length of the
+password/passphrase, but also the difficulty of guessing it. The
+decision on the minimum length of a password used for key derivation is
+the vendor’s, but the vendor shall at a minimum informally justify the
+decision."
+
+We are choosing a minimum password length of 8 bytes, because NIST's
+ACVP testing uses passwords as short as 8 bytes, and requiring longer
+passwords combined with an implicit indicator (i.e., returning an error)
+would cause the module to fail ACVP testing.
+
+Signed-off-by: Clemens Lang <cllang@redhat.com>
+
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ providers/implementations/kdfs/pbkdf2.c | 39 +++++++++++++++++++++----
+ 1 file changed, 33 insertions(+), 6 deletions(-)
+
+diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
+index b383314064..68f9355b7d 100644
+--- a/providers/implementations/kdfs/pbkdf2.c
++++ b/providers/implementations/kdfs/pbkdf2.c
+@@ -36,6 +36,21 @@
+ #define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
+ #define KDF_PBKDF2_MIN_ITERATIONS 1000
+ #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
++/* The Implementation Guidance for FIPS 140-3 says in section D.N
++ * "Password-Based Key Derivation for Storage Applications" that "the vendor
++ * shall document in the module’s Security Policy the length of
++ * a password/passphrase used in key derivation and establish an upper bound
++ * for the probability of having this parameter guessed at random. This
++ * probability shall take into account not only the length of the
++ * password/passphrase, but also the difficulty of guessing it. The decision on
++ * the minimum length of a password used for key derivation is the vendor’s,
++ * but the vendor shall at a minimum informally justify the decision."
++ *
++ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP
++ * testing uses passwords as short as 8 bytes, and requiring longer passwords
++ * combined with an implicit indicator (i.e., returning an error) would cause
++ * the module to fail ACVP testing. */
++#define KDF_PBKDF2_MIN_PASSWORD_LEN (8)
+
+ static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new;
+ static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup;
+@@ -179,8 +194,8 @@ static int pbkdf2_set_membuf(unsigned char **buffer, size_t *buflen,
+ }
+
+ static int pbkdf2_lower_bound_check_passed(int saltlen, uint64_t iter,
+- size_t keylen, int *error,
+- const char **desc)
++ size_t keylen, size_t passlen,
++ int *error, const char **desc)
+ {
+ if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) {
+ *error = PROV_R_KEY_SIZE_TOO_SMALL;
+@@ -200,7 +215,12 @@ static int pbkdf2_lower_bound_check_passed(int saltlen, uint64_t iter,
+ *desc = "Iteration count";
+ return 0;
+ }
+-
++ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) {
++ *error = PROV_R_INVALID_INPUT_LENGTH;
++ if (desc != NULL)
++ *desc = "Password length";
++ return 0;
++ }
+ return 1;
+ }
+
+@@ -211,7 +231,8 @@ static int fips_lower_bound_check_passed(KDF_PBKDF2 *ctx, size_t keylen)
+ int error = 0;
+ const char *desc = NULL;
+ int approved = pbkdf2_lower_bound_check_passed(ctx->salt_len, ctx->iter,
+- keylen, &error, &desc);
++ keylen, ctx->pass_len,
++ &error, &desc);
+
+ if (!approved) {
+ if (!OSSL_FIPS_IND_ON_UNAPPROVED(ctx, OSSL_FIPS_IND_SETTABLE0, libctx,
+@@ -283,9 +304,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
+ #endif
+ }
+
+- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL)
++ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) {
++ if (ctx->lower_bound_checks != 0
++ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
++ return 0;
++ }
+ if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p))
+ return 0;
++ }
+
+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
+ if (ctx->lower_bound_checks != 0
+@@ -406,7 +433,7 @@ static int pbkdf2_derive(KDF_PBKDF2 *ctx, const char *pass, size_t passlen,
+ if (lower_bound_checks) {
+ int error = 0;
+ int passed = pbkdf2_lower_bound_check_passed(saltlen, iter, keylen,
+- &error, NULL);
++ passlen, &error, NULL);
+
+ if (!passed) {
+ ERR_raise(ERR_LIB_PROV, error);
+--
+2.48.1
+
diff --git a/0032-FIPS-Disallow-SHAKE-in-RSA-OAEP-and-RSA-PSS.patch b/0032-FIPS-Disallow-SHAKE-in-RSA-OAEP-and-RSA-PSS.patch
new file mode 100644
index 0000000..d1c0f8c
--- /dev/null
+++ b/0032-FIPS-Disallow-SHAKE-in-RSA-OAEP-and-RSA-PSS.patch
@@ -0,0 +1,97 @@
+From 6830f8c50ff35b14c7451564b55fc0341795397a Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 32/49] FIPS: Disallow SHAKE in RSA-OAEP and RSA-PSS
+
+According to FIPS 140-3 IG, section C.C, the SHAKE digest algorithms
+must not be used in higher-level algorithms (such as RSA-OAEP and
+RSASSA-PSS):
+
+"To be used in an approved mode of operation, the SHA-3 hash functions
+may be implemented either as part of an approved higher-level algorithm,
+for example, a digital signature algorithm, or as the standalone
+functions. The SHAKE128 and SHAKE256 extendable-output functions may
+only be used as the standalone algorithms."
+
+Add a check to prevent their use as message digest in PSS signatures and
+as MGF1 hash function in both OAEP and PSS.
+
+Signed-off-by: Clemens Lang <cllang@redhat.com>
+
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ crypto/rsa/rsa_oaep.c | 16 ++++++++++++++++
+ crypto/rsa/rsa_pss.c | 16 ++++++++++++++++
+ 2 files changed, 32 insertions(+)
+
+diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
+index 5a1c080fcd..11cd78618b 100644
+--- a/crypto/rsa/rsa_oaep.c
++++ b/crypto/rsa/rsa_oaep.c
+@@ -76,6 +76,14 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
+ if (mgf1md == NULL)
+ mgf1md = md;
+
++#ifdef FIPS_MODULE
++ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256") ||
++ EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
++ return 0;
++ }
++#endif
++
+ #ifdef FIPS_MODULE
+ /* XOF are approved as standalone; Shake256 in Ed448; MGF */
+ if (EVP_MD_xof(md)) {
+@@ -194,6 +202,14 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+ if (mgf1md == NULL)
+ mgf1md = md;
+
++#ifdef FIPS_MODULE
++ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256") ||
++ EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
++ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
++ return -1;
++ }
++#endif
++
+ #ifdef FIPS_MODULE
+ /* XOF are approved as standalone; Shake256 in Ed448; MGF */
+ if (EVP_MD_xof(md)) {
+diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
+index a2bc198a89..2833ca50f3 100644
+--- a/crypto/rsa/rsa_pss.c
++++ b/crypto/rsa/rsa_pss.c
+@@ -61,6 +61,14 @@ int ossl_rsa_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
+ if (mgf1Hash == NULL)
+ mgf1Hash = Hash;
+
++#ifdef FIPS_MODULE
++ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
++ goto err;
++
++ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
++ goto err;
++#endif
++
+ hLen = EVP_MD_get_size(Hash);
+ if (hLen <= 0)
+ goto err;
+@@ -186,6 +194,14 @@ int ossl_rsa_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
+ if (mgf1Hash == NULL)
+ mgf1Hash = Hash;
+
++#ifdef FIPS_MODULE
++ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
++ goto err;
++
++ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
++ goto err;
++#endif
++
+ hLen = EVP_MD_get_size(Hash);
+ if (hLen <= 0)
+ goto err;
+--
+2.48.1
+
diff --git a/0032-Force-fips.patch b/0032-Force-fips.patch
deleted file mode 100644
index 985fadf..0000000
--- a/0032-Force-fips.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 2c110cf5551a3869514e697d8dc06682b62ca57d Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 11:59:02 +0200
-Subject: [PATCH 16/48] 0032-Force-fips.patch
-
-Patch-name: 0032-Force-fips.patch
-Patch-id: 32
-Patch-status: |
- # We load FIPS provider and set FIPS properties implicitly
----
- crypto/provider_conf.c | 28 +++++++++++++++++++++++++++-
- 1 file changed, 27 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
-index 058fb58837..5274265a70 100644
---- a/crypto/provider_conf.c
-+++ b/crypto/provider_conf.c
-@@ -10,6 +10,8 @@
- #include <string.h>
- #include <openssl/trace.h>
- #include <openssl/err.h>
-+#include <openssl/evp.h>
-+#include <unistd.h>
- #include <openssl/conf.h>
- #include <openssl/safestack.h>
- #include <openssl/provider.h>
-@@ -169,7 +171,7 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
- if (path != NULL)
- ossl_provider_set_module_path(prov, path);
-
-- ok = provider_conf_params(prov, NULL, NULL, value, cnf);
-+ ok = cnf ? provider_conf_params(prov, NULL, NULL, value, cnf) : 1;
-
- if (ok == 1) {
- if (!ossl_provider_activate(prov, 1, 0)) {
-@@ -268,6 +268,8 @@ static int provider_conf_activate(OSSL_L
-
- if (ok <= 0)
- ossl_provider_free(prov);
-+ } else {
-+ ok = 1;
- }
- CRYPTO_THREAD_unlock(pcgbl->lock);
-
-@@ -309,6 +311,33 @@ static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
- return 0;
- }
-
-+ if (ossl_get_kernel_fips_flag() != 0) { /* XXX from provider_conf_load */
-+ OSSL_LIB_CTX *libctx = NCONF_get0_libctx((CONF *)cnf);
-+# define FIPS_LOCAL_CONF OPENSSLDIR "/fips_local.cnf"
-+
-+ if (access(FIPS_LOCAL_CONF, R_OK) == 0) {
-+ CONF *fips_conf = NCONF_new_ex(libctx, NCONF_default());
-+ if (NCONF_load(fips_conf, FIPS_LOCAL_CONF, NULL) <= 0)
-+ return 0;
-+
-+ if (provider_conf_load(libctx, "fips", "fips_sect", fips_conf) != 1) {
-+ NCONF_free(fips_conf);
-+ return 0;
-+ }
-+ NCONF_free(fips_conf);
-+ } else {
-+ if (provider_conf_activate(libctx, "fips", NULL, NULL, 0, NULL) != 1)
-+ return 0;
-+ }
-+ /* provider_conf_load can return 1 even when the test is failed so check explicitly */
-+ if (OSSL_PROVIDER_available(libctx, "fips") != 1)
-+ return 0;
-+ if (provider_conf_activate(libctx, "base", NULL, NULL, 0, NULL) != 1)
-+ return 0;
-+ if (EVP_default_properties_enable_fips(libctx, 1) != 1)
-+ return 0;
-+ }
-+
- return 1;
- }
-
---
-2.41.0
-
diff --git a/0033-FIPS-RSA-encapsulate.patch b/0033-FIPS-RSA-encapsulate.patch
new file mode 100644
index 0000000..f4b78a7
--- /dev/null
+++ b/0033-FIPS-RSA-encapsulate.patch
@@ -0,0 +1,49 @@
+From 7e9ac612e11687587283d2f415a4bd44d46cf4b0 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 33/49] FIPS: RSA encapsulate
+
+Patch-name: 0091-FIPS-RSA-encapsulate.patch
+Patch-id: 91
+Patch-status: |
+ # 0091-FIPS-RSA-encapsulate.patch
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ providers/implementations/kem/rsa_kem.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
+index 7494dcc010..5d6123e8cb 100644
+--- a/providers/implementations/kem/rsa_kem.c
++++ b/providers/implementations/kem/rsa_kem.c
+@@ -284,6 +284,13 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
+ /* Step (1): nlen = Ceil(len(n)/8) */
+ nlen = RSA_size(prsactx->rsa);
+
++#ifdef FIPS_MODULE
++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
++ return 0;
++ }
++#endif
++
+ if (out == NULL) {
+ if (nlen == 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
+@@ -360,6 +367,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
+ /* Step (1): get the byte length of n */
+ nlen = RSA_size(prsactx->rsa);
+
++#ifdef FIPS_MODULE
++ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
++ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
++ return 0;
++ }
++#endif
++
+ if (out == NULL) {
+ if (nlen == 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
+--
+2.48.1
+
diff --git a/0033-FIPS-embed-hmac.patch b/0033-FIPS-embed-hmac.patch
deleted file mode 100644
index 0bf3b2d..0000000
--- a/0033-FIPS-embed-hmac.patch
+++ /dev/null
@@ -1,396 +0,0 @@
-From 831d0025257fd3746ab3fe30c05dbbfc0043f78e Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 16/49] 0033-FIPS-embed-hmac.patch
-
-Patch-name: 0033-FIPS-embed-hmac.patch
-Patch-id: 33
-Patch-status: |
- # # Embed HMAC into the fips.so
- # Modify fips self test as per
- # https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- providers/fips/self_test.c | 204 ++++++++++++++++++++++++--
- test/fipsmodule.cnf | 2 +
- test/recipes/00-prep_fipsmodule_cnf.t | 2 +-
- test/recipes/01-test_fipsmodule_cnf.t | 2 +-
- test/recipes/03-test_fipsinstall.t | 2 +-
- test/recipes/30-test_defltfips.t | 2 +-
- test/recipes/80-test_ssl_new.t | 2 +-
- test/recipes/90-test_sslapi.t | 2 +-
- 8 files changed, 200 insertions(+), 18 deletions(-)
- create mode 100644 test/fipsmodule.cnf
-
-diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index b8dc9817b2..28f536d13c 100644
---- a/providers/fips/self_test.c
-+++ b/providers/fips/self_test.c
-@@ -230,11 +230,133 @@ err:
- return ok;
- }
-
-+#define HMAC_LEN 32
-+/*
-+ * The __attribute__ ensures we've created the .rodata1 section
-+ * static ensures it's zero filled
-+*/
-+static const unsigned char __attribute__ ((section (".rodata1"))) fips_hmac_container[HMAC_LEN] = {0};
-+
- /*
- * Calculate the HMAC SHA256 of data read using a BIO and read_cb, and verify
- * the result matches the expected value.
- * Return 1 if verified, or 0 if it fails.
- */
-+
-+#ifndef __USE_GNU
-+#define __USE_GNU
-+#include <dlfcn.h>
-+#undef __USE_GNU
-+#else
-+#include <dlfcn.h>
-+#endif
-+#include <link.h>
-+
-+static int verify_integrity_rodata(OSSL_CORE_BIO *bio,
-+ OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
-+ unsigned char *expected, size_t expected_len,
-+ OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-+ const char *event_type)
-+{
-+ int ret = 0, status;
-+ unsigned char out[MAX_MD_SIZE];
-+ unsigned char buf[INTEGRITY_BUF_SIZE];
-+ size_t bytes_read = 0, out_len = 0;
-+ EVP_MAC *mac = NULL;
-+ EVP_MAC_CTX *ctx = NULL;
-+ OSSL_PARAM params[2], *p = params;
-+ Dl_info info;
-+ void *extra_info = NULL;
-+ struct link_map *lm = NULL;
-+ unsigned long paddr;
-+ unsigned long off = 0;
-+
-+ if (expected_len != HMAC_LEN)
-+ goto err;
-+
-+ if (!integrity_self_test(ev, libctx))
-+ goto err;
-+
-+ OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
-+
-+ if (!dladdr1 ((const void *)fips_hmac_container,
-+ &info, &extra_info, RTLD_DL_LINKMAP))
-+ goto err;
-+ lm = extra_info;
-+ paddr = (unsigned long)fips_hmac_container - lm->l_addr;
-+
-+ mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
-+ if (mac == NULL)
-+ goto err;
-+ ctx = EVP_MAC_CTX_new(mac);
-+ if (ctx == NULL)
-+ goto err;
-+
-+ *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0);
-+ *p = OSSL_PARAM_construct_end();
-+
-+ if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
-+ goto err;
-+
-+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
-+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
-+ if (status != 1)
-+ break;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+ }
-+
-+ if (off < paddr) {
-+ int delta = paddr - off;
-+ status = read_ex_cb(bio, buf, delta, &bytes_read);
-+ if (status != 1)
-+ goto err;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+ }
-+
-+ /* read away the buffer */
-+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
-+ if (status != 1)
-+ goto err;
-+
-+ /* check that it is the expect bytes, no point in continuing otherwise */
-+ if (memcmp(expected, buf, HMAC_LEN) != 0)
-+ goto err;
-+
-+ /* replace in-file HMAC buffer with the original zeros */
-+ memset(buf, 0, HMAC_LEN);
-+ if (!EVP_MAC_update(ctx, buf, HMAC_LEN))
-+ goto err;
-+ off += HMAC_LEN;
-+
-+ while (bytes_read > 0) {
-+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
-+ if (status != 1)
-+ break;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+ }
-+
-+ if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
-+ goto err;
-+
-+ OSSL_SELF_TEST_oncorrupt_byte(ev, out);
-+ if (expected_len != out_len
-+ || memcmp(expected, out, out_len) != 0)
-+ goto err;
-+ ret = 1;
-+err:
-+ OPENSSL_cleanse(out, MAX_MD_SIZE);
-+ OSSL_SELF_TEST_onend(ev, ret);
-+ EVP_MAC_CTX_free(ctx);
-+ EVP_MAC_free(mac);
-+ return ret;
-+}
-+
- static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex_cb,
- unsigned char *expected, size_t expected_len,
- OSSL_LIB_CTX *libctx, OSSL_SELF_TEST *ev,
-@@ -247,12 +369,23 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
- EVP_MAC *mac = NULL;
- EVP_MAC_CTX *ctx = NULL;
- OSSL_PARAM params[2], *p = params;
-+ Dl_info info;
-+ void *extra_info = NULL;
-+ struct link_map *lm = NULL;
-+ unsigned long paddr;
-+ unsigned long off = 0;
-
- if (!integrity_self_test(ev, libctx))
- goto err;
-
- OSSL_SELF_TEST_onbegin(ev, event_type, OSSL_SELF_TEST_DESC_INTEGRITY_HMAC);
-
-+ if (!dladdr1 ((const void *)fips_hmac_container,
-+ &info, &extra_info, RTLD_DL_LINKMAP))
-+ goto err;
-+ lm = extra_info;
-+ paddr = (unsigned long)fips_hmac_container - lm->l_addr;
-+
- mac = EVP_MAC_fetch(libctx, MAC_NAME, NULL);
- if (mac == NULL)
- goto err;
-@@ -266,13 +399,42 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
- if (!EVP_MAC_init(ctx, fixed_key, sizeof(fixed_key), params))
- goto err;
-
-- while (1) {
-- status = read_ex_cb(bio, buf, sizeof(buf), &bytes_read);
-+ while ((off + INTEGRITY_BUF_SIZE) <= paddr) {
-+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
- if (status != 1)
- break;
- if (!EVP_MAC_update(ctx, buf, bytes_read))
- goto err;
-+ off += bytes_read;
- }
-+
-+ if (off + INTEGRITY_BUF_SIZE > paddr) {
-+ int delta = paddr - off;
-+ status = read_ex_cb(bio, buf, delta, &bytes_read);
-+ if (status != 1)
-+ goto err;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+
-+ status = read_ex_cb(bio, buf, HMAC_LEN, &bytes_read);
-+ memset(buf, 0, HMAC_LEN);
-+ if (status != 1)
-+ goto err;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+ }
-+
-+ while (bytes_read > 0) {
-+ status = read_ex_cb(bio, buf, INTEGRITY_BUF_SIZE, &bytes_read);
-+ if (status != 1)
-+ break;
-+ if (!EVP_MAC_update(ctx, buf, bytes_read))
-+ goto err;
-+ off += bytes_read;
-+ }
-+
- if (!EVP_MAC_final(ctx, out, &out_len, sizeof(out)))
- goto err;
-
-@@ -282,6 +444,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
- goto err;
- ret = 1;
- err:
-+ OPENSSL_cleanse(out, sizeof(out));
- OSSL_SELF_TEST_onend(ev, ret);
- EVP_MAC_CTX_free(ctx);
- EVP_MAC_free(mac);
-@@ -335,8 +498,7 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
- return 0;
- }
-
-- if (st == NULL
-- || st->module_checksum_data == NULL) {
-+ if (st == NULL) {
- ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_CONFIG_DATA);
- goto end;
- }
-@@ -345,8 +507,14 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
- if (ev == NULL)
- goto end;
-
-- module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
-- &checksum_len);
-+ if (st->module_checksum_data == NULL) {
-+ module_checksum = fips_hmac_container;
-+ checksum_len = sizeof(fips_hmac_container);
-+ } else {
-+ module_checksum = OPENSSL_hexstr2buf(st->module_checksum_data,
-+ &checksum_len);
-+ }
-+
- if (module_checksum == NULL) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_CONFIG_DATA);
- goto end;
-@@ -354,14 +522,27 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
- bio_module = (*st->bio_new_file_cb)(st->module_filename, "rb");
-
- /* Always check the integrity of the fips module */
-- if (bio_module == NULL
-- || !verify_integrity(bio_module, st->bio_read_ex_cb,
-- module_checksum, checksum_len, st->libctx,
-- ev, OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
-+ if (bio_module == NULL) {
- ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
- goto end;
- }
--
-+ if (st->module_checksum_data == NULL) {
-+ if (!verify_integrity_rodata(bio_module, st->bio_read_ex_cb,
-+ module_checksum, checksum_len,
-+ st->libctx, ev,
-+ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
-+ goto end;
-+ }
-+ } else {
-+ if (!verify_integrity(bio_module, st->bio_read_ex_cb,
-+ module_checksum, checksum_len,
-+ st->libctx, ev,
-+ OSSL_SELF_TEST_TYPE_MODULE_INTEGRITY)) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_MODULE_INTEGRITY_FAILURE);
-+ goto end;
-+ }
-+ }
- /* This will be NULL during installation - so the self test KATS will run */
- if (st->indicator_data != NULL) {
- /*
-@@ -420,7 +601,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
- end:
- EVP_RAND_free(testrand);
- OSSL_SELF_TEST_free(ev);
-- OPENSSL_free(module_checksum);
- OPENSSL_free(indicator_checksum);
-
- if (st != NULL) {
-diff --git a/test/fipsmodule.cnf b/test/fipsmodule.cnf
-new file mode 100644
-index 0000000000..f05d0dedbe
---- /dev/null
-+++ b/test/fipsmodule.cnf
-@@ -0,0 +1,2 @@
-+[fips_sect]
-+activate = 1
-diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t
-index 4e3a6d85e8..e8255ba974 100644
---- a/test/recipes/00-prep_fipsmodule_cnf.t
-+++ b/test/recipes/00-prep_fipsmodule_cnf.t
-@@ -20,7 +20,7 @@ use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
- use platform;
-
--my $no_check = disabled("fips");
-+my $no_check = 1;
- plan skip_all => "FIPS module config file only supported in a fips build"
- if $no_check;
-
-diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t
-index ce594817d5..00cebacff8 100644
---- a/test/recipes/01-test_fipsmodule_cnf.t
-+++ b/test/recipes/01-test_fipsmodule_cnf.t
-@@ -23,7 +23,7 @@ use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
- use platform;
-
--my $no_check = disabled("fips");
-+my $no_check = 1;
- plan skip_all => "Test only supported in a fips build"
- if $no_check;
- plan tests => 1;
-diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
-index b8b136d110..8242f4ebc3 100644
---- a/test/recipes/03-test_fipsinstall.t
-+++ b/test/recipes/03-test_fipsinstall.t
-@@ -22,7 +22,7 @@ use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
- use platform;
-
--plan skip_all => "Test only supported in a fips build" if disabled("fips");
-+plan skip_all => "Test only supported in a fips build" if 1;
-
- # Compatible options for pedantic FIPS compliance
- my @pedantic_okay =
-diff --git a/test/recipes/30-test_defltfips.t b/test/recipes/30-test_defltfips.t
-index c8f145405b..56a2ec5dc4 100644
---- a/test/recipes/30-test_defltfips.t
-+++ b/test/recipes/30-test_defltfips.t
-@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
- plan skip_all => "Configuration loading is turned off"
- if disabled("autoload-config");
-
--my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
-
- plan tests =>
- ($no_fips ? 1 : 5);
-diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
-index 195b85ea8c..92d48dbf7d 100644
---- a/test/recipes/80-test_ssl_new.t
-+++ b/test/recipes/80-test_ssl_new.t
-@@ -27,7 +27,7 @@ setup("test_ssl_new");
- use lib srctop_dir('Configurations');
- use lib bldtop_dir('.');
-
--my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
-
- $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-
-diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
-index 18d9f3d204..71780d8caa 100644
---- a/test/recipes/90-test_sslapi.t
-+++ b/test/recipes/90-test_sslapi.t
-@@ -17,7 +17,7 @@ setup("test_sslapi");
- setup("test_sslapi");
- }
-
--my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+my $no_fips = 1; #disabled('fips') || ($ENV{NO_FIPS} // 0);
- my $fipsmodcfg_filename = "fipsmodule.cnf";
- my $fipsmodcfg = bldtop_file("test", $fipsmodcfg_filename);
-
---
-2.44.0
-
diff --git a/0034-FIPS-Disable-FIPS-186-4-DH-type-parameters.patch b/0034-FIPS-Disable-FIPS-186-4-DH-type-parameters.patch
new file mode 100644
index 0000000..7008fd6
--- /dev/null
+++ b/0034-FIPS-Disable-FIPS-186-4-DH-type-parameters.patch
@@ -0,0 +1,330 @@
+From 629ecffac4fd37f87aa1bfabbeb6418345396699 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 34/49] FIPS: Disable FIPS 186-4 DH type parameters
+
+For DH parameter and key pair generation/verification, the DSA
+procedures specified in FIPS 186-4 are used. With the release of FIPS
+186-5 and the removal of DSA, the approved status of these groups is in
+peril. Once the transition for DSA ends (this transition will be 1 year
+long and start once CMVP has published the guidance), no more
+submissions claiming DSA will be allowed. Hence, FIPS 186-type
+parameters will also be automatically non-approved.
+
+In the FIPS provider, disable validation of any DH parameters that are
+not well-known groups, and remove DH parameter generation completely.
+
+Adjust tests to use well-known groups or larger DH groups where this
+change would now cause failures, and skip tests that are expected to
+fail due to this change.
+
+Related: rhbz#2169757, rhbz#2169757
+Signed-off-by: Clemens Lang <cllang@redhat.com>
+
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+
+NOTE: Dropped changes in test/recipes/80-test_cms.t
+---
+ crypto/dh/dh_backend.c | 10 ++++
+ crypto/dh/dh_check.c | 12 ++--
+ crypto/dh/dh_gen.c | 12 +++-
+ crypto/dh/dh_key.c | 13 ++--
+ crypto/dh/dh_pmeth.c | 10 +++-
+ providers/implementations/keymgmt/dh_kmgmt.c | 5 ++
+ test/endecode_test.c | 4 +-
+ test/evp_libctx_test.c | 2 +-
+ test/helpers/predefined_dhparams.c | 62 ++++++++++++++++++++
+ test/helpers/predefined_dhparams.h | 1 +
+ test/recipes/80-test_ssl_old.t | 3 +
+ 11 files changed, 116 insertions(+), 18 deletions(-)
+
+diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
+index 1aaa88daca..aa3a491799 100644
+--- a/crypto/dh/dh_backend.c
++++ b/crypto/dh/dh_backend.c
+@@ -47,6 +47,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
+ if (!dh_ffc_params_fromdata(dh, params))
+ return 0;
+
++#ifdef FIPS_MODULE
++ if (!ossl_dh_is_named_safe_prime_group(dh)) {
++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
++ "FIPS 186-4 type domain parameters no longer allowed in"
++ " FIPS mode, since the required validation routines"
++ " were removed from FIPS 186-5");
++ return 0;
++ }
++#endif
++
+ param_priv_len =
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
+ if (param_priv_len != NULL
+diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
+index ae23f61839..6e30a9b735 100644
+--- a/crypto/dh/dh_check.c
++++ b/crypto/dh/dh_check.c
+@@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *ret)
+ nid = DH_get_nid((DH *)dh);
+ if (nid != NID_undef)
+ return 1;
++
+ /*
+- * OR
+- * (2b) FFC domain params conform to FIPS-186-4 explicit domain param
+- * validity tests.
++ * FIPS 186-4 explicit domain parameters are no longer supported in FIPS mode.
+ */
+- return ossl_ffc_params_FIPS186_4_validate(dh->libctx, &dh->params,
+- FFC_PARAM_TYPE_DH, ret, NULL);
++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
++ "FIPS 186-4 type domain parameters no longer allowed in"
++ " FIPS mode, since the required validation routines were"
++ " removed from FIPS 186-5");
++ return 0;
+ }
+ #else
+ int DH_check_params(const DH *dh, int *ret)
+diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
+index b73bfb7f3b..275ce2c1af 100644
+--- a/crypto/dh/dh_gen.c
++++ b/crypto/dh/dh_gen.c
+@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
+ int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
+ BN_GENCB *cb)
+ {
+- int ret, res;
++ int ret = 0;
+
+ #ifndef FIPS_MODULE
++ int res;
++
+ if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
+ ret = ossl_ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
+ FFC_PARAM_TYPE_DH,
+ pbits, qbits, &res, cb);
+ else
+-#endif
+ ret = ossl_ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
+ FFC_PARAM_TYPE_DH,
+ pbits, qbits, &res, cb);
++#else
++ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
++ "FIPS 186-4 type domain parameters no longer allowed in"
++ " FIPS mode, since the required generation routines were"
++ " removed from FIPS 186-5");
++#endif
+ if (ret > 0)
+ dh->dirty_cnt++;
+ return ret;
+diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
+index 189bfc3e8b..023d628502 100644
+--- a/crypto/dh/dh_key.c
++++ b/crypto/dh/dh_key.c
+@@ -336,8 +336,12 @@ static int generate_key(DH *dh)
+ goto err;
+ } else {
+ #ifdef FIPS_MODULE
+- if (dh->params.q == NULL)
+- goto err;
++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
++ "FIPS 186-4 type domain parameters no longer"
++ " allowed in FIPS mode, since the required"
++ " generation routines were removed from FIPS"
++ " 186-5");
++ goto err;
+ #else
+ if (dh->params.q == NULL) {
+ /* secret exponent length, must satisfy 2^(l-1) <= p */
+@@ -358,9 +362,7 @@ static int generate_key(DH *dh)
+ if (!BN_clear_bit(priv_key, 0))
+ goto err;
+ }
+- } else
+-#endif
+- {
++ } else {
+ /* Do a partial check for invalid p, q, g */
+ if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params,
+ FFC_PARAM_TYPE_DH, NULL))
+@@ -376,6 +378,7 @@ static int generate_key(DH *dh)
+ priv_key))
+ goto err;
+ }
++#endif
+ }
+ }
+
+diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
+index c11ada9826..e279e9d60d 100644
+--- a/crypto/dh/dh_pmeth.c
++++ b/crypto/dh/dh_pmeth.c
+@@ -303,13 +303,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx,
+ prime_len, subprime_len, &res,
+ pcb);
+ else
+-# endif
+- /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */
+- if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2)
+ rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params,
+ FFC_PARAM_TYPE_DH,
+ prime_len, subprime_len, &res,
+ pcb);
++# else
++ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
++ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
++ "FIPS 186-4 type domain parameters no longer allowed in"
++ " FIPS mode, since the required generation routines were"
++ " removed from FIPS 186-5");
++# endif
+ if (rv <= 0) {
+ DH_free(ret);
+ return NULL;
+diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
+index c2ee859355..51c21e436f 100644
+--- a/providers/implementations/keymgmt/dh_kmgmt.c
++++ b/providers/implementations/keymgmt/dh_kmgmt.c
+@@ -420,6 +420,11 @@ static int dh_validate(const void *keydata, int selection, int checktype)
+ if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
+ return 1; /* nothing to validate */
+
++#ifdef FIPS_MODULE
++ /* In FIPS provider, always check the domain parameters to disallow
++ * operations on keys with FIPS 186-4 params. */
++ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
++#endif
+ if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
+ /*
+ * Both of these functions check parameters. DH_check_params_ex()
+diff --git a/test/endecode_test.c b/test/endecode_test.c
+index 85c84f6592..d2ff9e6eb6 100644
+--- a/test/endecode_test.c
++++ b/test/endecode_test.c
+@@ -85,10 +85,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
+ * for testing only. Use a minimum key size of 2048 for security purposes.
+ */
+ if (strcmp(type, "DH") == 0)
+- return get_dh512(keyctx);
++ return get_dh2048(keyctx);
+
+ if (strcmp(type, "X9.42 DH") == 0)
+- return get_dhx512(keyctx);
++ return get_dhx_ffdhe2048(keyctx);
+ # endif
+
+ /*
+diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
+index 039fca9bb0..2838f343bd 100644
+--- a/test/evp_libctx_test.c
++++ b/test/evp_libctx_test.c
+@@ -222,7 +222,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
+
+ if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
+ || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
+- || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
++ || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey) == 1, expected))
+ goto err;
+
+ if (expected) {
+diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c
+index 4bdadc4143..e5186e4b4a 100644
+--- a/test/helpers/predefined_dhparams.c
++++ b/test/helpers/predefined_dhparams.c
+@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx)
+ dhx512_q, sizeof(dhx512_q));
+ }
+
++EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx)
++{
++ /* This is RFC 7919 ffdhe2048, since Red Hat removes support for
++ * non-well-known groups in FIPS mode. */
++ static unsigned char dhx_p[] = {
++ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xad, 0xf8, 0x54, 0x58,
++ 0xa2, 0xbb, 0x4a, 0x9a, 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
++ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41,
++ 0x14, 0x64, 0x33, 0xfb, 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
++ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02,
++ 0xae, 0xc4, 0x61, 0x7a, 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
++ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, 0x85, 0x63, 0x65, 0x55,
++ 0x3d, 0xed, 0x1a, 0xf3, 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
++ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89, 0xda,
++ 0xf3, 0xef, 0xe8, 0x72, 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
++ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, 0xbc, 0x0a, 0xb1, 0x82,
++ 0xb3, 0x24, 0xfb, 0x61, 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
++ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, 0x1d, 0x4f, 0x42, 0xa3,
++ 0xde, 0x39, 0x4d, 0xf4, 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
++ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1,
++ 0xcd, 0xf7, 0xe2, 0xec, 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
++ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, 0x8e, 0x4f, 0x12, 0x32,
++ 0xee, 0xf2, 0x81, 0x83, 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
++ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83,
++ 0x7d, 0x16, 0x83, 0xb2, 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
++ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, 0xff, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff
++ };
++ static unsigned char dhx_g[] = {
++ 0x02
++ };
++ static unsigned char dhx_q[] = {
++ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
++ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
++ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
++ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
++ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
++ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
++ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
++ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
++ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
++ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
++ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
++ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
++ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
++ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
++ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
++ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
++ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
++ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
++ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
++ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
++ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff,
++ 0xff, 0xff, 0xff, 0xff
++ };
++
++ return get_dh_from_pg(libctx, "X9.42 DH",
++ dhx_p, sizeof(dhx_p),
++ dhx_g, sizeof(dhx_g),
++ dhx_q, sizeof(dhx_q));
++}
++
+ EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
+ {
+ static unsigned char dh1024_p[] = {
+diff --git a/test/helpers/predefined_dhparams.h b/test/helpers/predefined_dhparams.h
+index f0e8709062..2ff6d6e721 100644
+--- a/test/helpers/predefined_dhparams.h
++++ b/test/helpers/predefined_dhparams.h
+@@ -12,6 +12,7 @@
+ #ifndef OPENSSL_NO_DH
+ EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
+ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx);
++EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx);
+ EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct);
+ EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
+ EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx);
+diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
+index 6332aaec4b..4d8c900c00 100755
+--- a/test/recipes/80-test_ssl_old.t
++++ b/test/recipes/80-test_ssl_old.t
+@@ -458,6 +458,9 @@ sub testssl {
+ skip "skipping dhe1024dsa test", 1
+ if ($no_dh);
+
++ skip "FIPS 186-4 type DH groups are no longer supported by the FIPS provider", 1
++ if $provider eq "fips";
++
+ ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
+ 'test sslv2/sslv3 with 1024bit DHE via BIO pair');
+ }
+--
+2.48.1
+
diff --git a/0034.fipsinstall_disable.patch b/0034.fipsinstall_disable.patch
deleted file mode 100644
index 2c3f5cf..0000000
--- a/0034.fipsinstall_disable.patch
+++ /dev/null
@@ -1,473 +0,0 @@
-From a9825123e7ab3474d2794a5706d9bed047959c9c Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
-Subject: [PATCH 18/35] 0034.fipsinstall_disable.patch
-
-Patch-name: 0034.fipsinstall_disable.patch
-Patch-id: 34
-Patch-status: |
- # Comment out fipsinstall command-line utility
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
----
- apps/fipsinstall.c | 3 +
- doc/man1/openssl-fipsinstall.pod.in | 272 +---------------------------
- doc/man1/openssl.pod | 4 -
- doc/man5/config.pod | 1 -
- doc/man5/fips_config.pod | 104 +----------
- doc/man7/OSSL_PROVIDER-FIPS.pod | 1 -
- 6 files changed, 10 insertions(+), 375 deletions(-)
-
-diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
-index e1ef645b60..db92cb5fb2 100644
---- a/apps/fipsinstall.c
-+++ b/apps/fipsinstall.c
-@@ -375,6 +375,9 @@ int fipsinstall_main(int argc, char **argv)
- EVP_MAC *mac = NULL;
- CONF *conf = NULL;
-
-+ BIO_printf(bio_err, "This command is not enabled in the Red Hat Enterprise Linux OpenSSL build, please consult Red Hat documentation to learn how to enable FIPS mode\n");
-+ return 1;
-+
- if ((opts = sk_OPENSSL_STRING_new_null()) == NULL)
- goto end;
-
-diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
-index b1768b7f91..b6b00e27d8 100644
---- a/doc/man1/openssl-fipsinstall.pod.in
-+++ b/doc/man1/openssl-fipsinstall.pod.in
-@@ -8,275 +8,9 @@ openssl-fipsinstall - perform FIPS configuration installation
- =head1 SYNOPSIS
-
- B<openssl fipsinstall>
--[B<-help>]
--[B<-in> I<configfilename>]
--[B<-out> I<configfilename>]
--[B<-module> I<modulefilename>]
--[B<-provider_name> I<providername>]
--[B<-section_name> I<sectionname>]
--[B<-verify>]
--[B<-mac_name> I<macname>]
--[B<-macopt> I<nm>:I<v>]
--[B<-noout>]
--[B<-quiet>]
--[B<-pedantic>]
--[B<-no_conditional_errors>]
--[B<-no_security_checks>]
--[B<-ems_check>]
--[B<-no_drbg_truncated_digests>]
--[B<-self_test_onload>]
--[B<-self_test_oninstall>]
--[B<-corrupt_desc> I<selftest_description>]
--[B<-corrupt_type> I<selftest_type>]
--[B<-config> I<parent_config>]
--
--=head1 DESCRIPTION
--
--This command is used to generate a FIPS module configuration file.
--This configuration file can be used each time a FIPS module is loaded
--in order to pass data to the FIPS module self tests. The FIPS module always
--verifies its MAC, but optionally only needs to run the KAT's once,
--at installation.
--
--The generated configuration file consists of:
--
--=over 4
--
--=item - A MAC of the FIPS module file.
--
--=item - A test status indicator.
--
--This indicates if the Known Answer Self Tests (KAT's) have successfully run.
--
--=item - A MAC of the status indicator.
--
--=item - A control for conditional self tests errors.
--
--By default if a continuous test (e.g a key pair test) fails then the FIPS module
--will enter an error state, and no services or cryptographic algorithms will be
--able to be accessed after this point.
--The default value of '1' will cause the fips module error state to be entered.
--If the value is '0' then the module error state will not be entered.
--Regardless of whether the error state is entered or not, the current operation
--(e.g. key generation) will return an error. The user is responsible for retrying
--the operation if the module error state is not entered.
--
--=item - A control to indicate whether run-time security checks are done.
--
--This indicates if run-time checks related to enforcement of security parameters
--such as minimum security strength of keys and approved curve names are used.
--The default value of '1' will perform the checks.
--If the value is '0' the checks are not performed and FIPS compliance must
--be done by procedures documented in the relevant Security Policy.
--
--=back
--
--This file is described in L<fips_config(5)>.
--
--=head1 OPTIONS
--
--=over 4
--
--=item B<-help>
--
--Print a usage message.
--
--=item B<-module> I<filename>
--
--Filename of the FIPS module to perform an integrity check on.
--The path provided in the filename is used to load the module when it is
--activated, and this overrides the environment variable B<OPENSSL_MODULES>.
--
--=item B<-out> I<configfilename>
--
--Filename to output the configuration data to; the default is standard output.
--
--=item B<-in> I<configfilename>
--
--Input filename to load configuration data from.
--Must be used if the B<-verify> option is specified.
--
--=item B<-verify>
--
--Verify that the input configuration file contains the correct information.
--
--=item B<-provider_name> I<providername>
--
--Name of the provider inside the configuration file.
--The default value is C<fips>.
--
--=item B<-section_name> I<sectionname>
--
--Name of the section inside the configuration file.
--The default value is C<fips_sect>.
--
--=item B<-mac_name> I<name>
--
--Specifies the name of a supported MAC algorithm which will be used.
--The MAC mechanisms that are available will depend on the options
--used when building OpenSSL.
--To see the list of supported MAC's use the command
--C<openssl list -mac-algorithms>. The default is B<HMAC>.
--
--=item B<-macopt> I<nm>:I<v>
--
--Passes options to the MAC algorithm.
--A comprehensive list of controls can be found in the EVP_MAC implementation
--documentation.
--Common control strings used for this command are:
--
--=over 4
--
--=item B<key>:I<string>
--
--Specifies the MAC key as an alphanumeric string (use if the key contains
--printable characters only).
--The string length must conform to any restrictions of the MAC algorithm.
--A key must be specified for every MAC algorithm.
--If no key is provided, the default that was specified when OpenSSL was
--configured is used.
--
--=item B<hexkey>:I<string>
--
--Specifies the MAC key in hexadecimal form (two hex digits per byte).
--The key length must conform to any restrictions of the MAC algorithm.
--A key must be specified for every MAC algorithm.
--If no key is provided, the default that was specified when OpenSSL was
--configured is used.
--
--=item B<digest>:I<string>
--
--Used by HMAC as an alphanumeric string (use if the key contains printable
--characters only).
--The string length must conform to any restrictions of the MAC algorithm.
--To see the list of supported digests, use the command
--C<openssl list -digest-commands>.
--The default digest is SHA-256.
--
--=back
--
--=item B<-noout>
--
--Disable logging of the self tests.
--
--=item B<-pedantic>
--
--Configure the module so that it is strictly FIPS compliant rather
--than being backwards compatible. This enables conditional errors,
--security checks etc. Note that any previous configuration options will
--be overwritten and any subsequent configuration options that violate
--FIPS compliance will result in an error.
--
--=item B<-no_conditional_errors>
--
--Configure the module to not enter an error state if a conditional self test
--fails as described above.
--
--=item B<-no_security_checks>
--
--Configure the module to not perform run-time security checks as described above.
--
--Enabling the configuration option "no-fips-securitychecks" provides another way to
--turn off the check at compile time.
--
--=item B<-ems_check>
--
--Configure the module to enable a run-time Extended Master Secret (EMS) check
--when using the TLS1_PRF KDF algorithm. This check is disabled by default.
--See RFC 7627 for information related to EMS.
--
--=item B<-no_drbg_truncated_digests>
--
--Configure the module to not allow truncated digests to be used with Hash and
--HMAC DRBGs. See FIPS 140-3 IG D.R for details.
--
--=item B<-self_test_onload>
--
--Do not write the two fields related to the "test status indicator" and
--"MAC status indicator" to the output configuration file. Without these fields
--the self tests KATS will run each time the module is loaded. This option could be
--used for cross compiling, since the self tests need to run at least once on each
--target machine. Once the self tests have run on the target machine the user
--could possibly then add the 2 fields into the configuration using some other
--mechanism.
--
--This is the default.
--
--=item B<-self_test_oninstall>
--
--The converse of B<-self_test_oninstall>. The two fields related to the
--"test status indicator" and "MAC status indicator" are written to the
--output configuration file.
--
--=item B<-quiet>
--
--Do not output pass/fail messages. Implies B<-noout>.
--
--=item B<-corrupt_desc> I<selftest_description>,
--B<-corrupt_type> I<selftest_type>
--
--The corrupt options can be used to test failure of one or more self tests by
--name.
--Either option or both may be used to select the tests to corrupt.
--Refer to the entries for B<st-desc> and B<st-type> in L<OSSL_PROVIDER-FIPS(7)> for
--values that can be used.
--
--=item B<-config> I<parent_config>
--
--Test that a FIPS provider can be loaded from the specified configuration file.
--A previous call to this application needs to generate the extra configuration
--data that is included by the base C<parent_config> configuration file.
--See L<config(5)> for further information on how to set up a provider section.
--All other options are ignored if '-config' is used.
--
--=back
--
--=head1 NOTES
--
--Self tests results are logged by default if the options B<-quiet> and B<-noout>
--are not specified, or if either of the options B<-corrupt_desc> or
--B<-corrupt_type> are used.
--If the base configuration file is set up to autoload the fips module, then the
--fips module will be loaded and self tested BEFORE the fipsinstall application
--has a chance to set up its own self test callback. As a result of this the self
--test output and the options B<-corrupt_desc> and B<-corrupt_type> will be ignored.
--For normal usage the base configuration file should use the default provider
--when generating the fips configuration file.
--
--The B<-self_test_oninstall> option was added and the
--B<-self_test_onload> option was made the default in OpenSSL 3.1.
--
--The command and all remaining options were added in OpenSSL 3.0.
--
--=head1 EXAMPLES
--
--Calculate the mac of a FIPS module F<fips.so> and run a FIPS self test
--for the module, and save the F<fips.cnf> configuration file:
--
-- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips
--
--Verify that the configuration file F<fips.cnf> contains the correct info:
--
-- openssl fipsinstall -module ./fips.so -in fips.cnf -provider_name fips -verify
--
--Corrupt any self tests which have the description C<SHA1>:
--
-- openssl fipsinstall -module ./fips.so -out fips.cnf -provider_name fips \
-- -corrupt_desc 'SHA1'
--
--Validate that the fips module can be loaded from a base configuration file:
--
-- export OPENSSL_CONF_INCLUDE=<path of configuration files>
-- export OPENSSL_MODULES=<provider-path>
-- openssl fipsinstall -config' 'default.cnf'
--
--
--=head1 SEE ALSO
--
--L<config(5)>,
--L<fips_config(5)>,
--L<OSSL_PROVIDER-FIPS(7)>,
--L<EVP_MAC(3)>
-+This command is disabled.
-+Please consult Red Hat Enterprise Linux documentation to learn how to correctly
-+enable FIPS mode on Red Hat Enterprise
-
- =head1 HISTORY
-
-diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
-index d9c22a580f..d5ec3b9a6a 100644
---- a/doc/man1/openssl.pod
-+++ b/doc/man1/openssl.pod
-@@ -135,10 +135,6 @@ Engine (loadable module) information and manipulation.
-
- Error Number to Error String Conversion.
-
--=item B<fipsinstall>
--
--FIPS configuration installation.
--
- =item B<gendsa>
-
- Generation of DSA Private Key from Parameters. Superseded by
-diff --git a/doc/man5/config.pod b/doc/man5/config.pod
-index 714a10437b..bd05736220 100644
---- a/doc/man5/config.pod
-+++ b/doc/man5/config.pod
-@@ -573,7 +573,6 @@ configuration files using that syntax will have to be modified.
- =head1 SEE ALSO
-
- L<openssl-x509(1)>, L<openssl-req(1)>, L<openssl-ca(1)>,
--L<openssl-fipsinstall(1)>,
- L<ASN1_generate_nconf(3)>,
- L<EVP_set_default_properties(3)>,
- L<CONF_modules_load(3)>,
-diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
-index 2255464304..1c15e32a5c 100644
---- a/doc/man5/fips_config.pod
-+++ b/doc/man5/fips_config.pod
-@@ -6,106 +6,10 @@ fips_config - OpenSSL FIPS configuration
-
- =head1 DESCRIPTION
-
--A separate configuration file, using the OpenSSL L<config(5)> syntax,
--is used to hold information about the FIPS module. This includes a digest
--of the shared library file, and status about the self-testing.
--This data is used automatically by the module itself for two
--purposes:
--
--=over 4
--
--=item - Run the startup FIPS self-test known answer tests (KATS).
--
--This is normally done once, at installation time, but may also be set up to
--run each time the module is used.
--
--=item - Verify the module's checksum.
--
--This is done each time the module is used.
--
--=back
--
--This file is generated by the L<openssl-fipsinstall(1)> program, and
--used internally by the FIPS module during its initialization.
--
--The following options are supported. They should all appear in a section
--whose name is identified by the B<fips> option in the B<providers>
--section, as described in L<config(5)/Provider Configuration Module>.
--
--=over 4
--
--=item B<activate>
--
--If present, the module is activated. The value assigned to this name is not
--significant.
--
--=item B<install-version>
--
--A version number for the fips install process. Should be 1.
--
--=item B<conditional-errors>
--
--The FIPS module normally enters an internal error mode if any self test fails.
--Once this error mode is active, no services or cryptographic algorithms are
--accessible from this point on.
--Continuous tests are a subset of the self tests (e.g., a key pair test during key
--generation, or the CRNG output test).
--Setting this value to C<0> allows the error mode to not be triggered if any
--continuous test fails. The default value of C<1> will trigger the error mode.
--Regardless of the value, the operation (e.g., key generation) that called the
--continuous test will return an error code if its continuous test fails. The
--operation may then be retried if the error mode has not been triggered.
--
--=item B<security-checks>
--
--This indicates if run-time checks related to enforcement of security parameters
--such as minimum security strength of keys and approved curve names are used.
--A value of '1' will perform the checks, otherwise if the value is '0' the checks
--are not performed and FIPS compliance must be done by procedures documented in
--the relevant Security Policy.
--
--=item B<module-mac>
--
--The calculated MAC of the FIPS provider file.
--
--=item B<install-status>
--
--An indicator that the self-tests were successfully run.
--This should only be written after the module has
--successfully passed its self tests during installation.
--If this field is not present, then the self tests will run when the module
--loads.
--
--=item B<install-mac>
--
--A MAC of the value of the B<install-status> option, to prevent accidental
--changes to that value.
--It is written-to at the same time as B<install-status> is updated.
--
--=back
--
--For example:
--
-- [fips_sect]
-- activate = 1
-- install-version = 1
-- conditional-errors = 1
-- security-checks = 1
-- module-mac = 41:D0:FA:C2:5D:41:75:CD:7D:C3:90:55:6F:A4:DC
-- install-mac = FE:10:13:5A:D3:B4:C7:82:1B:1E:17:4C:AC:84:0C
-- install-status = INSTALL_SELF_TEST_KATS_RUN
--
--=head1 NOTES
--
--When using the FIPS provider, it is recommended that the
--B<config_diagnostics> option is enabled to prevent accidental use of
--non-FIPS validated algorithms via broken or mistaken configuration.
--See L<config(5)>.
--
--=head1 SEE ALSO
--
--L<config(5)>
--L<openssl-fipsinstall(1)>
-+This command is disabled in Red Hat Enterprise Linux. The FIPS provider is
-+automatically loaded when the system is booted in FIPS mode, or when the
-+environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
-+for more information.
-
- =head1 HISTORY
-
-diff --git a/doc/man7/OSSL_PROVIDER-FIPS.pod b/doc/man7/OSSL_PROVIDER-FIPS.pod
-index 4f908888ba..ef00247770 100644
---- a/doc/man7/OSSL_PROVIDER-FIPS.pod
-+++ b/doc/man7/OSSL_PROVIDER-FIPS.pod
-@@ -444,7 +444,6 @@ want to operate in a FIPS approved manner. The algorithms are:
-
- =head1 SEE ALSO
-
--L<openssl-fipsinstall(1)>,
- L<fips_config(5)>,
- L<OSSL_SELF_TEST_set_callback(3)>,
- L<OSSL_SELF_TEST_new(3)>,
---
-2.41.0
-
diff --git a/0035-FIPS-Enforce-EMS-in-TLS-1.2-NOTE.patch b/0035-FIPS-Enforce-EMS-in-TLS-1.2-NOTE.patch
new file mode 100644
index 0000000..bf79b47
--- /dev/null
+++ b/0035-FIPS-Enforce-EMS-in-TLS-1.2-NOTE.patch
@@ -0,0 +1,192 @@
+From 86a571c71b542252f0593dfb6004a266a8f55c1b Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Wed, 6 Mar 2024 19:17:17 +0100
+Subject: [PATCH 35/49] FIPS: Enforce EMS in TLS 1.2 - NOTE
+
+NOTE: Enforcement of EMS in non-FIPS mode has been dropped due to code
+change the option to enforce it seem to be available only in FIPS build
+
+Patch-name: 0114-FIPS-enforce-EMS-support.patch
+Patch-id: 114
+Patch-status: |
+ # # We believe that some changes present in CentOS are not necessary
+ # # because ustream has a check for FIPS version
+From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
+---
+ doc/man3/SSL_CONF_cmd.pod | 3 +++
+ doc/man5/fips_config.pod | 13 +++++++++++++
+ include/openssl/ssl.h.in | 1 +
+ providers/fips/include/fips_indicator_params.inc | 2 +-
+ ssl/ssl_conf.c | 1 +
+ ssl/statem/extensions_srvr.c | 8 +++++++-
+ ssl/t1_enc.c | 11 +++++++++--
+ test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt | 10 ++++++++++
+ test/sslapitest.c | 2 +-
+ 9 files changed, 46 insertions(+), 5 deletions(-)
+
+diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
+index e2c1e69847..009b683b27 100644
+--- a/doc/man3/SSL_CONF_cmd.pod
++++ b/doc/man3/SSL_CONF_cmd.pod
+@@ -621,6 +621,9 @@ B<ExtendedMasterSecret>: use extended master secret extension, enabled by
+ default. Inverse of B<SSL_OP_NO_EXTENDED_MASTER_SECRET>: that is,
+ B<-ExtendedMasterSecret> is the same as setting B<SSL_OP_NO_EXTENDED_MASTER_SECRET>.
+
++B<RHNoEnforceEMSinFIPS>: allow establishing connections without EMS in FIPS mode.
++This is a RedHat-based OS specific option, and normally it should be set up via crypto policies.
++
+ B<CANames>: use CA names extension, enabled by
+ default. Inverse of B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>: that is,
+ B<-CANames> is the same as setting B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>.
+diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
+index 15748c5756..34cbfbb2ad 100644
+--- a/doc/man5/fips_config.pod
++++ b/doc/man5/fips_config.pod
+@@ -11,6 +11,19 @@ automatically loaded when the system is booted in FIPS mode, or when the
+ environment variable B<OPENSSL_FORCE_FIPS_MODE> is set. See the documentation
+ for more information.
+
++Red Hat Enterprise Linux uses a supplementary config for FIPS module located in
++OpenSSL configuration directory and managed by crypto policies. If present, it
++should have format
++
++ [fips_sect]
++ tls1-prf-ems-check = 0
++ activate = 1
++
++The B<tls1-prf-ems-check> option specifies whether FIPS module will require the
++presence of extended master secret or not.
++
++The B<activate> option enforces FIPS provider activation.
++
+ =head1 COPYRIGHT
+
+ Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
+index 0b2232b01c..99b2ad4eb3 100644
+--- a/include/openssl/ssl.h.in
++++ b/include/openssl/ssl.h.in
+@@ -417,6 +417,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
+ * interoperability with CryptoPro CSP 3.x
+ */
+ # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
++# define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)
+ /*
+ * Disable RFC8879 certificate compression
+ * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
+diff --git a/providers/fips/include/fips_indicator_params.inc b/providers/fips/include/fips_indicator_params.inc
+index 6bd783eb0a..afd5dcef23 100644
+--- a/providers/fips/include/fips_indicator_params.inc
++++ b/providers/fips/include/fips_indicator_params.inc
+@@ -1,5 +1,5 @@
+ OSSL_FIPS_PARAM(security_checks, SECURITY_CHECKS, 1)
+-OSSL_FIPS_PARAM(tls1_prf_ems_check, TLS1_PRF_EMS_CHECK, 0)
++OSSL_FIPS_PARAM(tls1_prf_ems_check, TLS1_PRF_EMS_CHECK, 1)
+ OSSL_FIPS_PARAM(no_short_mac, NO_SHORT_MAC, 1)
+ OSSL_FIPS_PARAM(hmac_key_check, HMAC_KEY_CHECK, 0)
+ OSSL_FIPS_PARAM(kmac_key_check, KMAC_KEY_CHECK, 0)
+diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
+index 946d20be52..b52c1675fd 100644
+--- a/ssl/ssl_conf.c
++++ b/ssl/ssl_conf.c
+@@ -394,6 +394,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
+ SSL_FLAG_TBL("ClientRenegotiation",
+ SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
+ SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
++ SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS),
+ SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
+ SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
+ SSL_FLAG_TBL("PreferNoDHEKEX", SSL_OP_PREFER_NO_DHE_KEX),
+diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
+index dd771207f6..48db802b1f 100644
+--- a/ssl/statem/extensions_srvr.c
++++ b/ssl/statem/extensions_srvr.c
+@@ -12,6 +12,7 @@
+ #include "statem_local.h"
+ #include "internal/cryptlib.h"
+ #include "internal/ssl_unwrap.h"
++#include <openssl/fips.h>
+
+ #define COOKIE_STATE_FORMAT_VERSION 1
+
+@@ -1874,8 +1875,13 @@ EXT_RETURN tls_construct_stoc_ems(SSL_CONNECTION *s, WPACKET *pkt,
+ unsigned int context,
+ X509 *x, size_t chainidx)
+ {
+- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
++ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
++ if (FIPS_mode() && !(SSL_get_options(SSL_CONNECTION_GET_SSL(s)) & SSL_OP_RH_PERMIT_NOEMS_FIPS) ) {
++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
++ return EXT_RETURN_FAIL;
++ }
+ return EXT_RETURN_NOT_SENT;
++ }
+
+ if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
+ || !WPACKET_put_bytes_u16(pkt, 0)) {
+diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
+index 474ea7bf5b..e0e595e989 100644
+--- a/ssl/t1_enc.c
++++ b/ssl/t1_enc.c
+@@ -21,6 +21,7 @@
+ #include <openssl/obj_mac.h>
+ #include <openssl/core_names.h>
+ #include <openssl/trace.h>
++#include <openssl/fips.h>
+
+ /* seed1 through seed5 are concatenated */
+ static int tls1_PRF(SSL_CONNECTION *s,
+@@ -78,8 +79,14 @@ static int tls1_PRF(SSL_CONNECTION *s,
+ }
+
+ err:
+- if (fatal)
+- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
++ if (fatal) {
++ /* The calls to this function are local so it's safe to implement the check */
++ if (FIPS_mode() && seed1_len >= TLS_MD_MASTER_SECRET_CONST_SIZE
++ && memcmp(seed1, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
++ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
++ else
++ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
++ }
+ else
+ ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
+ EVP_KDF_CTX_free(kctx);
+diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+index 50944328cb..edb2e81273 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
+@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c
+ Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
+ Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
+
++Availablein = fips
++KDF = TLS1-PRF
++Ctrl.digest = digest:SHA256
++Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
++Ctrl.label = seed:master secret
++Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
++Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
++Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
++Result = KDF_DERIVE_ERROR
++
+ FIPSversion = <=3.1.0
+ KDF = TLS1-PRF
+ Ctrl.digest = digest:SHA256
+diff --git a/test/sslapitest.c b/test/sslapitest.c
+index 7d6d738199..02a9afe250 100644
+--- a/test/sslapitest.c
++++ b/test/sslapitest.c
+@@ -575,7 +575,7 @@ static int test_client_cert_verify_cb(void)
+ STACK_OF(X509) *server_chain;
+ SSL_CTX *cctx = NULL, *sctx = NULL;
+ SSL *clientssl = NULL, *serverssl = NULL;
+- int testresult = 0;
++ int testresult = 0, status;
+
+ if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
+ TLS_client_method(), TLS1_VERSION, 0,
+--
+2.48.1
+
diff --git a/0035-speed-skip-unavailable-dgst.patch b/0035-speed-skip-unavailable-dgst.patch
deleted file mode 100644
index d52d5e1..0000000
--- a/0035-speed-skip-unavailable-dgst.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 213f38dc580d39f2cb46592b5e6db585fc6a650f Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:28 +0200
-Subject: [PATCH 19/35] 0035-speed-skip-unavailable-dgst.patch
-
-Patch-name: 0035-speed-skip-unavailable-dgst.patch
-Patch-id: 35
-Patch-status: |
- # Skip unavailable algorithms running `openssl speed`
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
----
- apps/speed.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/apps/speed.c b/apps/speed.c
-index d527f12f18..2ff3eb53bd 100644
---- a/apps/speed.c
-+++ b/apps/speed.c
-@@ -610,6 +610,9 @@ static int EVP_MAC_loop(int algindex, void *args)
- for (count = 0; COND(c[algindex][testnum]); count++) {
- size_t outl;
-
-+ if (mctx == NULL)
-+ return -1;
-+
- if (!EVP_MAC_init(mctx, NULL, 0, NULL)
- || !EVP_MAC_update(mctx, buf, lengths[testnum])
- || !EVP_MAC_final(mctx, mac, &outl, sizeof(mac)))
---
-2.41.0
-
diff --git a/0036-FIPS-Set-default-padding-to-OAEP-in-CMS.patch b/0036-FIPS-Set-default-padding-to-OAEP-in-CMS.patch
new file mode 100644
index 0000000..7ed6417
--- /dev/null
+++ b/0036-FIPS-Set-default-padding-to-OAEP-in-CMS.patch
@@ -0,0 +1,61 @@
+From 32445088a89356cb7079df275cdc1da2db2eb8f0 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Thu, 13 Feb 2025 18:08:34 -0500
+Subject: [PATCH 36/49] FIPS: Set default padding to OAEP in CMS
+
+From-dist-git-commit: d508cbed930481c1960d6a6bc1e1a9593252dbbe
+---
+ apps/cms.c | 1 +
+ crypto/cms/cms_env.c | 10 ++++++++++
+ 2 files changed, 11 insertions(+)
+
+diff --git a/apps/cms.c b/apps/cms.c
+index 5227ec2357..0ca5280580 100644
+--- a/apps/cms.c
++++ b/apps/cms.c
+@@ -20,6 +20,7 @@
+ #include <openssl/x509_vfy.h>
+ #include <openssl/x509v3.h>
+ #include <openssl/cms.h>
++#include <openssl/fips.h>
+
+ static int save_certs(char *signerfile, STACK_OF(X509) *signers);
+ static int cms_cb(int ok, X509_STORE_CTX *ctx);
+diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
+index 375239c78d..e09ad03ece 100644
+--- a/crypto/cms/cms_env.c
++++ b/crypto/cms/cms_env.c
+@@ -14,6 +14,7 @@
+ #include <openssl/err.h>
+ #include <openssl/cms.h>
+ #include <openssl/evp.h>
++#include <openssl/fips.h>
+ #include "internal/sizes.h"
+ #include "crypto/asn1.h"
+ #include "crypto/evp.h"
+@@ -375,6 +376,10 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
+ return 0;
+ if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
+ return 0;
++ if (FIPS_mode()) {
++ if (EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_padding_mode", "oaep") <= 0)
++ return 0;
++ }
+ } else if (!ossl_cms_env_asn1_ctrl(ri, 0))
+ return 0;
+ return 1;
+@@ -540,6 +545,11 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
+
+ if (EVP_PKEY_encrypt_init(pctx) <= 0)
+ goto err;
++
++ if (FIPS_mode()) {
++ if (EVP_PKEY_CTX_ctrl_str(pctx, "rsa_padding_mode", "oaep") <= 0)
++ goto err;
++ }
+ }
+
+ if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
+--
+2.48.1
+
diff --git a/0037-FIPS-PBMAC1-PKCS12-defaults.patch b/0037-FIPS-PBMAC1-PKCS12-defaults.patch
new file mode 100644
index 0000000..0ddf380
--- /dev/null
+++ b/0037-FIPS-PBMAC1-PKCS12-defaults.patch
@@ -0,0 +1,35 @@
+From 75ccb3b85aa04abbd0394fc81871b4d69683a3a8 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Thu, 13 Feb 2025 18:16:29 -0500
+Subject: [PATCH 37/49] FIPS: PBMAC1 PKCS12 defaults
+
+From-dist-git-commit: 8fc2d4842385584094d57f6f66fcbc2a07865708
+---
+ apps/pkcs12.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/apps/pkcs12.c b/apps/pkcs12.c
+index 9964faf21a..59439a8cc0 100644
+--- a/apps/pkcs12.c
++++ b/apps/pkcs12.c
+@@ -17,6 +17,7 @@
+ #include <openssl/asn1.h>
+ #include <openssl/crypto.h>
+ #include <openssl/err.h>
++#include <openssl/evp.h>
+ #include <openssl/pem.h>
+ #include <openssl/pkcs12.h>
+ #include <openssl/provider.h>
+@@ -709,6 +710,9 @@ int pkcs12_main(int argc, char **argv)
+ }
+
+ if (maciter != -1) {
++ if (EVP_default_properties_is_fips_enabled(NULL))
++ pbmac1_pbkdf2 = 1;
++
+ if (pbmac1_pbkdf2 == 1) {
+ if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL,
+ macsaltlen, maciter,
+--
+2.48.1
+
diff --git a/0038-FIPS-Fix-encoder-decoder-negative-test.patch b/0038-FIPS-Fix-encoder-decoder-negative-test.patch
new file mode 100644
index 0000000..ad0bb03
--- /dev/null
+++ b/0038-FIPS-Fix-encoder-decoder-negative-test.patch
@@ -0,0 +1,35 @@
+From 5e1b4d0aad123985e3c95aa4f34151dacdb5fd09 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Wed, 5 Mar 2025 13:22:03 -0500
+Subject: [PATCH 38/49] FIPS: Fix encoder/decoder negative test
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ test/recipes/04-test_encoder_decoder.t | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+ mode change 100644 => 100755 test/recipes/04-test_encoder_decoder.t
+
+diff --git a/test/recipes/04-test_encoder_decoder.t b/test/recipes/04-test_encoder_decoder.t
+old mode 100644
+new mode 100755
+index 2acc980e90..660d4e1115
+--- a/test/recipes/04-test_encoder_decoder.t
++++ b/test/recipes/04-test_encoder_decoder.t
+@@ -75,10 +75,10 @@ SKIP: {
+ }
+ my $no_des = disabled("des");
+ SKIP: {
+- skip "MD5 disabled", 2 if disabled("md5");
+- ok(run(app([ 'openssl', 'genrsa', '-aes128', '-out', 'epki.pem',
+- '-traditional', '-passout', 'pass:pass' ])),
+- "rsa encrypted using a non fips algorithm MD5 in pbe");
++ skip "DES disabled", 2 if disabled("des3");
++ ok(run(app([ 'openssl', 'genrsa', '-des3', '-out', 'epki.pem',
++ '-traditional', '-passout', 'pass:pass'])),
++ "rsa encrypted using a non fips algorithm DES3 in pbe");
+
+ my $conf2 = srctop_file("test", "default-and-fips.cnf");
+ ok(run(test(['decoder_propq_test', '-config', $conf2,
+--
+2.48.1
+
diff --git a/0039-FIPS-disable-weak-EC-curves.patch b/0039-FIPS-disable-weak-EC-curves.patch
new file mode 100644
index 0000000..9cd1869
--- /dev/null
+++ b/0039-FIPS-disable-weak-EC-curves.patch
@@ -0,0 +1,31 @@
+From a78e4ce31b630fad0f938bcdd37790702aebb498 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Fri, 7 Mar 2025 18:06:36 -0500
+Subject: [PATCH 39/49] FIPS: disable weak EC curves
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ apps/ecparam.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/apps/ecparam.c b/apps/ecparam.c
+index f0879dfb11..a6042e7d2a 100644
+--- a/apps/ecparam.c
++++ b/apps/ecparam.c
+@@ -77,6 +77,13 @@ static int list_builtin_curves(BIO *out)
+ const char *comment = curves[n].comment;
+ const char *sname = OBJ_nid2sn(curves[n].nid);
+
++ if (((curves[n].nid == NID_secp256k1) || (curves[n].nid == NID_brainpoolP256r1)
++ || (curves[n].nid == NID_brainpoolP256t1) || (curves[n].nid == NID_brainpoolP320r1)
++ || (curves[n].nid == NID_brainpoolP320t1) || (curves[n].nid == NID_brainpoolP384r1)
++ || (curves[n].nid == NID_brainpoolP384t1) || (curves[n].nid == NID_brainpoolP512r1)
++ || (curves[n].nid == NID_brainpoolP512t1)) && EVP_default_properties_is_fips_enabled(NULL))
++ continue;
++
+ if (comment == NULL)
+ comment = "CURVE DESCRIPTION NOT AVAILABLE";
+ if (sname == NULL)
+--
+2.48.1
+
diff --git a/0040-FIPS-NO-DSA-Support.patch b/0040-FIPS-NO-DSA-Support.patch
new file mode 100644
index 0000000..54d6245
--- /dev/null
+++ b/0040-FIPS-NO-DSA-Support.patch
@@ -0,0 +1,380 @@
+From 5558b44405e879bab1a40060de67eda52aedd1f9 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Fri, 7 Mar 2025 18:10:52 -0500
+Subject: [PATCH 40/49] FIPS: NO DSA Support
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ providers/fips/fipsprov.c | 8 +++++---
+ providers/fips/self_test_data.inc | 6 +++++-
+ test/acvp_test.c | 2 ++
+ test/endecode_test.c | 2 ++
+ test/recipes/15-test_gendsa.t | 2 +-
+ test/recipes/20-test_cli_fips.t | 3 +--
+ test/recipes/30-test_evp.t | 1 -
+ test/recipes/30-test_evp_data/evppkey_dsa.txt | 18 ++++++++++++++++-
+ test/recipes/80-test_cms.t | 20 +++++++++----------
+ 9 files changed, 43 insertions(+), 19 deletions(-)
+
+diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
+index 373cd1c2e4..2c5b7e3229 100644
+--- a/providers/fips/fipsprov.c
++++ b/providers/fips/fipsprov.c
+@@ -430,7 +430,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
+ };
+
+ static const OSSL_ALGORITHM fips_signature[] = {
+-#ifndef OPENSSL_NO_DSA
++/* We don't certify DSA in our FIPS provider */
++#if 0 /* #ifndef OPENSSL_NO_DSA */
+ { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
+ { PROV_NAMES_DSA_SHA1, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha1_signature_functions },
+ { PROV_NAMES_DSA_SHA224, FIPS_DEFAULT_PROPERTIES, ossl_dsa_sha224_signature_functions },
+@@ -560,8 +561,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
+ PROV_DESCS_DHX },
+ #endif
+ #ifndef OPENSSL_NO_DSA
+- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
+- PROV_DESCS_DSA },
++ /* We don't certify DSA in our FIPS provider */
++ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
++ PROV_DESCS_DSA }, */
+ #endif
+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
+ PROV_DESCS_RSA },
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index 5cbb5352a5..10ca473764 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -1522,8 +1522,9 @@ static const unsigned char ed448_expected_sig[] = {
+ # endif /* OPENSSL_NO_ECX */
+ #endif /* OPENSSL_NO_EC */
+
+-#ifndef OPENSSL_NO_DSA
+ /* dsa 2048 */
++#if 0
++#ifndef OPENSSL_NO_DSA
+ static const unsigned char dsa_p[] = {
+ 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
+ 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
+@@ -1651,6 +1652,7 @@ static const ST_KAT_PARAM dsa_key[] = {
+ ST_KAT_PARAM_END()
+ };
+ #endif /* OPENSSL_NO_DSA */
++#endif
+
+ #ifndef OPENSSL_NO_ML_DSA
+ static const unsigned char ml_dsa_65_pub_key[] = {
+@@ -3013,6 +3015,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ },
+ # endif /* OPENSSL_NO_ECX */
+ #endif /* OPENSSL_NO_EC */
++#if 0
+ #ifndef OPENSSL_NO_DSA
+ {
+ OSSL_SELF_TEST_DESC_SIGN_DSA,
+@@ -3025,6 +3028,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ ITM(dsa_expected_sig)
+ },
+ #endif /* OPENSSL_NO_DSA */
++#endif
+
+ #ifndef OPENSSL_NO_ML_DSA
+ {
+diff --git a/test/acvp_test.c b/test/acvp_test.c
+index 2bcc886fd2..db0282d043 100644
+--- a/test/acvp_test.c
++++ b/test/acvp_test.c
+@@ -1735,6 +1735,7 @@ int setup_tests(void)
+ OSSL_NELEM(dh_safe_prime_keyver_data));
+ #endif /* OPENSSL_NO_DH */
+
++#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */
+ #ifndef OPENSSL_NO_DSA
+ dsasign_allowed = fips_provider_version_lt(libctx, 3, 4, 0);
+ ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
+@@ -1743,6 +1744,7 @@ int setup_tests(void)
+ ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
+ ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
+ #endif /* OPENSSL_NO_DSA */
++#endif
+
+ #ifndef OPENSSL_NO_EC
+ ec_cofactors = fips_provider_version_ge(libctx, 3, 4, 0);
+diff --git a/test/endecode_test.c b/test/endecode_test.c
+index d2ff9e6eb6..dfd5e92f7e 100644
+--- a/test/endecode_test.c
++++ b/test/endecode_test.c
+@@ -1536,6 +1536,7 @@ int setup_tests(void)
+ * so no legacy tests.
+ */
+ #endif
++ if (is_fips == 0) {
+ #ifndef OPENSSL_NO_DSA
+ ADD_TEST_SUITE(DSA);
+ ADD_TEST_SUITE_PARAMS(DSA);
+@@ -1546,6 +1547,7 @@ int setup_tests(void)
+ ADD_TEST_SUITE_PROTECTED_PVK(DSA);
+ # endif
+ #endif
++ }
+ #ifndef OPENSSL_NO_EC
+ ADD_TEST(ec_encode_to_data_multi);
+ ADD_TEST_SUITE(EC);
+diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t
+index cd331c4cfc..e21d6acda4 100644
+--- a/test/recipes/15-test_gendsa.t
++++ b/test/recipes/15-test_gendsa.t
+@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
+ plan skip_all => "This test is unsupported in a no-dsa build"
+ if disabled("dsa");
+
+-my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
++my $no_fips = 1;
+
+ plan tests =>
+ ($no_fips ? 0 : 2) # FIPS related tests
+diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t
+index 2abc4d2434..9a6875b3ec 100644
+--- a/test/recipes/20-test_cli_fips.t
++++ b/test/recipes/20-test_cli_fips.t
+@@ -283,8 +283,7 @@ SKIP: {
+ }
+
+ SKIP : {
+- skip "FIPS DSA tests because of no dsa in this build", 1
+- if disabled("dsa") || $dsasignpass == '0';
++ skip "FIPS DSA tests because of no dsa in this build", 1;
+
+ subtest DSA => sub {
+ my $testtext_prefix = 'DSA';
+diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
+index a86456157b..ef3e7a334d 100644
+--- a/test/recipes/30-test_evp.t
++++ b/test/recipes/30-test_evp.t
+@@ -166,7 +166,6 @@ my @defltfiles = qw(
+ push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
+ push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
+ push @defltfiles, qw(evppkey_ecx_kem.txt) unless $no_ecx;
+-push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
+ push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
+ push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
+ push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
+diff --git a/test/recipes/30-test_evp_data/evppkey_dsa.txt b/test/recipes/30-test_evp_data/evppkey_dsa.txt
+index 5e5315a5b9..660d1db149 100644
+--- a/test/recipes/30-test_evp_data/evppkey_dsa.txt
++++ b/test/recipes/30-test_evp_data/evppkey_dsa.txt
+@@ -44,17 +44,22 @@ PrivPubKeyPair = DSA-1024:DSA-1024-PUBLIC
+
+ Title = DSA tests
+
++## Red Hat all SHA1 tests are unavailable
++
++Availablein = none
+ Verify = DSA-1024
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
+
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d87
+
+ # Modified signature
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+@@ -62,6 +67,7 @@ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239
+ Result = VERIFY_ERROR
+
+ # Digest too short
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF123"
+@@ -69,6 +75,7 @@ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239
+ Result = VERIFY_ERROR
+
+ # Digest too long
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF12345"
+@@ -76,12 +83,14 @@ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239
+ Result = VERIFY_ERROR
+
+ # Garbage after signature
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Input = "0123456789ABCDEF1234"
+ Output = 302d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f2397f63c9fc8790e1a6cde5d8700
+ Result = VERIFY_ERROR
+
+ # Invalid tag
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+@@ -89,6 +98,7 @@ Output = 312d021500942b8c5850e05b59e24495116b1e8559e51b610e0214237aedf272d91f239
+ Result = VERIFY_ERROR
+
+ # BER signature
++Availablein = none
+ Verify = DSA-1024-PUBLIC
+ Ctrl = digest:SHA1
+ Input = "0123456789ABCDEF1234"
+@@ -277,6 +287,7 @@ Output = 00
+ Result = DIGESTSIGNINIT_ERROR
+
+ # Test sign with a 2048 bit key with N == 224 is allowed in fips mode
++Availablein = none
+ FIPSversion = <3.4.0
+ DigestSign = SHA256
+ Key = DSA-2048-224
+@@ -285,6 +296,7 @@ Output = 00
+ Result = SIGNATURE_MISMATCH
+
+ # Test sign with a 2048 bit key with N == 256 is allowed in fips mode
++Availablein = none
+ FIPSversion = <3.4.0
+ DigestSign = SHA256
+ Key = DSA-2048-256
+@@ -292,6 +304,7 @@ Input = "Hello"
+ Result = SIGNATURE_MISMATCH
+
+ # Test sign with a 3072 bit key with N == 256 is allowed in fips mode
++Availablein = none
+ FIPSversion = <3.4.0
+ DigestSign = SHA256
+ Key = DSA-3072-256
+@@ -299,6 +312,7 @@ Input = "Hello"
+ Result = SIGNATURE_MISMATCH
+
+ # Test sign with a 2048 bit SHA3 is allowed in fips mode
++Availablein = none
+ FIPSversion = <3.4.0
+ DigestSign = SHA3-224
+ Key = DSA-2048-256
+@@ -306,19 +320,21 @@ Input = "Hello"
+ Result = SIGNATURE_MISMATCH
+
+ # Test verify with a 1024 bit key is allowed in fips mode
++Availablein = default
+ DigestVerify = SHA256
+ Key = DSA-1024
+ Input = "Hello "
+ Output = 302c02142e32c8a5b0bd19b2ba33fd9c78aad3729dcb1b9e02142c006f7726a9d6833d414865b95167ea5f4f7713
+
+ # Test verify with SHA1 is allowed in fips mode
++Availablein = none
+ DigestVerify = SHA1
+ Key = DSA-1024
+ Input = "Hello "
+ Output = 302c0214602d21ed37e46051bb3d06cc002adddeb4cdb3bd02144f39f75587b286588862d06366b2f29bddaf8cf6
+
+ # Test verify with a 2048/160 bit key is allowed in fips mode
+-FIPSversion = >3.1.1
++Availablein = default
+ DigestVerify = SHA256
+ Key = DSA-2048-160
+ Input = "Hello"
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index b9b524ea14..c5ae04e9d1 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -104,7 +104,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content DER format, DSA key",
++ [ "signed content DER format, DSA key, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+@@ -112,7 +112,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed detached content DER format, DSA key",
++ [ "signed detached content DER format, DSA key, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+@@ -121,7 +121,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed detached content DER format, add RSA signer (with DSA existing)",
++ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+ [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
+@@ -132,7 +132,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content test streaming BER format, DSA key",
++ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-nodetach", "-stream",
+ "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
+@@ -141,7 +141,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-nodetach", "-stream",
+ "-signer", $smrsa1,
+@@ -154,7 +154,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-noattr", "-nodetach", "-stream",
+ "-signer", $smrsa1,
+@@ -184,7 +184,7 @@ my @smime_pkcs7_tests = (
+ \&zero_compare
+ ],
+
+- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
++ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
+ "-signer", $smrsa1,
+ "-signer", catfile($smdir, "smrsa2.pem"),
+@@ -196,7 +196,7 @@ my @smime_pkcs7_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
++ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont,
+ "-signer", $smrsa1,
+ "-signer", catfile($smdir, "smrsa2.pem"),
+@@ -262,7 +262,7 @@ if ($no_fips || $old_fips) {
+
+ my @smime_cms_tests = (
+
+- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
++ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
+ "-nodetach", "-keyid",
+ "-signer", $smrsa1,
+@@ -275,7 +275,7 @@ my @smime_cms_tests = (
+ \&final_compare
+ ],
+
+- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
++ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
+ [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
+ "-signer", $smrsa1,
+ "-signer", catfile($smdir, "smrsa2.pem"),
+--
+2.48.1
+
diff --git a/0041-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch b/0041-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch
new file mode 100644
index 0000000..9b36c42
--- /dev/null
+++ b/0041-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch
@@ -0,0 +1,34 @@
+From 19448eba26320b95ea96e0942500fadda292797b Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Fri, 7 Mar 2025 18:12:33 -0500
+Subject: [PATCH 41/49] FIPS: Red Hat's FIPS module name and version
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ providers/fips/fipsprov.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
+index 2c5b7e3229..7999744b5a 100644
+--- a/providers/fips/fipsprov.c
++++ b/providers/fips/fipsprov.c
+@@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
+ OSSL_LIB_CTX_FIPS_PROV_INDEX);
+
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
+- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, FIPS_VENDOR))
++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VENDOR))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
+- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
+- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
++ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
+ if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
+--
+2.48.1
+
diff --git a/0042-FIPS-NO-DES-support.patch b/0042-FIPS-NO-DES-support.patch
new file mode 100644
index 0000000..9592073
--- /dev/null
+++ b/0042-FIPS-NO-DES-support.patch
@@ -0,0 +1,155 @@
+From 22b58cfe5ba89107976d2a176ebe62f434d8e88e Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Fri, 7 Mar 2025 18:15:13 -0500
+Subject: [PATCH 42/49] FIPS: NO DES support
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ providers/fips/fipsprov.c | 3 ++-
+ providers/fips/self_test_data.inc | 5 ++++-
+ test/evp_libctx_test.c | 4 +++-
+ .../30-test_evp_data/evpciph_des3_common.txt | 13 ++++---------
+ test/recipes/80-test_cms.t | 2 +-
+ 5 files changed, 14 insertions(+), 13 deletions(-)
+
+diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
+index 7999744b5a..30f0c8ca14 100644
+--- a/providers/fips/fipsprov.c
++++ b/providers/fips/fipsprov.c
+@@ -354,7 +354,8 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
+ ossl_cipher_capable_aes_cbc_hmac_sha256),
+ ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
+ ossl_cipher_capable_aes_cbc_hmac_sha256),
+-#ifndef OPENSSL_NO_DES
++/* We don't certify 3DES in our FIPS provider */
++#if 0 /* ifndef OPENSSL_NO_DES */
+ ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
+ ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
+ #endif /* OPENSSL_NO_DES */
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index 10ca473764..6a69e1687b 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -209,6 +209,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] =
+ /*- CIPHER TEST DATA */
+
+ /* DES3 test data */
++#if 0
+ static const unsigned char des_ede3_cbc_pt[] = {
+ 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
+ 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
+@@ -229,7 +230,7 @@ static const unsigned char des_ede3_cbc_ct[] = {
+ 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
+ 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
+ };
+-
++#endif
+ /* AES-256 GCM test data */
+ static const unsigned char aes_256_gcm_key[] = {
+ 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
+@@ -315,6 +316,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
+ CIPHER_MODE_DECRYPT,
+ ITM(aes_128_ecb_key)
+ },
++#if 0
+ #ifndef OPENSSL_NO_DES
+ {
+ {
+@@ -327,6 +329,7 @@ static const ST_KAT_CIPHER st_kat_cipher_tests[] = {
+ ITM(tdes_key)
+ }
+ #endif
++#endif
+ };
+
+ static const char hkdf_digest[] = "SHA256";
+diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
+index 2838f343bd..19dd2c6c63 100644
+--- a/test/evp_libctx_test.c
++++ b/test/evp_libctx_test.c
+@@ -831,7 +831,9 @@ int setup_tests(void)
+ ADD_TEST(kem_invalid_keytype);
+ #endif
+ #ifndef OPENSSL_NO_DES
+- ADD_TEST(test_cipher_tdes_randkey);
++ if (strcmp(prov_name, "fips") != 0) {
++ ADD_TEST(test_cipher_tdes_randkey);
++ }
+ #endif
+ return 1;
+ }
+diff --git a/test/recipes/30-test_evp_data/evpciph_des3_common.txt b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+index 1947e21f74..119b75d9ce 100644
+--- a/test/recipes/30-test_evp_data/evpciph_des3_common.txt
++++ b/test/recipes/30-test_evp_data/evpciph_des3_common.txt
+@@ -14,7 +14,7 @@
+ Title = DES3 Tests
+
+ # DES EDE3 CBC tests (from destest)
+-FIPSversion = <3.4.0
++Availablein = default
+ Cipher = DES-EDE3-CBC
+ Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+ IV = fedcba9876543210
+@@ -24,8 +24,7 @@ NextIV = 1c673812cfde9675
+
+ # DES EDE3 ECB test
+ # FIPS(3.0.0): has a bug in the IV length #17591
+-FIPSversion = >3.0.0
+-FIPSversion = <3.4.0
++Availablein = default
+ Cipher = DES-EDE3-ECB
+ Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+@@ -42,7 +41,6 @@ Ciphertext = 4d1332e49f380e23d80a0d8b2bae5e4e6a0094171abcfc27df2bfd40da9f4e4d
+
+ # Test that DES3 CBC mode encryption fails because it is not FIPS approved
+ Availablein = fips
+-FIPSversion = >=3.4.0
+ Cipher = DES-EDE3-CBC
+ Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+ IV = fedcba9876543210
+@@ -52,7 +50,6 @@ Result = CIPHERINIT_ERROR
+
+ # Test that DES3 EBC mode encryption fails because it is not FIPS approved
+ Availablein = fips
+-FIPSversion = >=3.4.0
+ Cipher = DES-EDE3-ECB
+ Key = 0123456789abcdeff1e0d3c2b5a49786fedcba9876543210
+ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+@@ -62,8 +59,7 @@ Result = CIPHERINIT_ERROR
+ Title = DES3 FIPS Indicator Tests
+
+ # Test that DES3 CBC mode encryption is not FIPS approved
+-Availablein = fips
+-FIPSversion = >=3.4.0
++Availablein = none
+ Cipher = DES-EDE3-CBC
+ Unapproved = 1
+ CtrlInit = encrypt-check:0
+@@ -74,8 +70,7 @@ Plaintext = 37363534333231204E6F77206973207468652074696D6520666F722000000000
+ Ciphertext = 3FE301C962AC01D02213763C1CBD4CDC799657C064ECF5D41C673812CFDE9675
+
+ # Test that DES3 ECB mode encryption is not FIPS approved
+-Availablein = fipss
+-FIPSversion = >=3.4.0
++Availablein = none
+ Cipher = DES-EDE3-ECB
+ Operation = ENCRYPT
+ Unapproved = 1
+diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
+index c5ae04e9d1..1193d25fb4 100644
+--- a/test/recipes/80-test_cms.t
++++ b/test/recipes/80-test_cms.t
+@@ -395,7 +395,7 @@ my @smime_cms_tests = (
+ \&final_compare
+ ],
+
+- [ "encrypted content test streaming PEM format, triple DES key",
++ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS",
+ [ "{cmd1}", @defaultprov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
+ "-stream", "-out", "{output}.cms" ],
+--
+2.48.1
+
diff --git a/0043-FIPS-RSA-size-mode-restrictions.patch b/0043-FIPS-RSA-size-mode-restrictions.patch
new file mode 100644
index 0000000..2cd6378
--- /dev/null
+++ b/0043-FIPS-RSA-size-mode-restrictions.patch
@@ -0,0 +1,402 @@
+From 3e6172f3c5ad32af9b00b3e838de14dd01eba48e Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Fri, 7 Mar 2025 18:20:30 -0500
+Subject: [PATCH 43/49] FIPS: RSA size/mode restrictions
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ providers/implementations/signature/rsa_sig.c | 26 +++++++++
+ ssl/ssl_ciph.c | 3 +
+ test/recipes/30-test_evp_data/evppkey_rsa.txt | 55 ++++++++++++++++++-
+ 3 files changed, 83 insertions(+), 1 deletion(-)
+
+diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
+index 810d794fc5..c7f6c573d3 100644
+--- a/providers/implementations/signature/rsa_sig.c
++++ b/providers/implementations/signature/rsa_sig.c
+@@ -938,6 +938,19 @@ static int rsa_verify_recover(void *vprsactx,
+ {
+ PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
+ int ret;
++# ifdef FIPS_MODULE
++ size_t rsabits = RSA_bits(prsactx->rsa);
++
++ if (rsabits < 2048) {
++ if (rsabits != 1024
++ && rsabits != 1280
++ && rsabits != 1536
++ && rsabits != 1792) {
++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
++ return 0;
++ }
++ }
++# endif
+
+ if (!ossl_prov_is_running())
+ return 0;
+@@ -1032,6 +1045,19 @@ static int rsa_verify_directly(PROV_RSA_CTX *prsactx,
+ const unsigned char *tbs, size_t tbslen)
+ {
+ size_t rslen;
++# ifdef FIPS_MODULE
++ size_t rsabits = RSA_bits(prsactx->rsa);
++
++ if (rsabits < 2048) {
++ if (rsabits != 1024
++ && rsabits != 1280
++ && rsabits != 1536
++ && rsabits != 1792) {
++ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
++ return 0;
++ }
++ }
++# endif
+
+ if (!ossl_prov_is_running())
+ return 0;
+diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
+index 19420d6c6a..5ab1ccee93 100644
+--- a/ssl/ssl_ciph.c
++++ b/ssl/ssl_ciph.c
+@@ -350,6 +350,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
+ ctx->disabled_mkey_mask = 0;
+ ctx->disabled_auth_mask = 0;
+
++ if (EVP_default_properties_is_fips_enabled(ctx->libctx))
++ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
++
+ /*
+ * We ignore any errors from the fetches below. They are expected to fail
+ * if these algorithms are not available.
+diff --git a/test/recipes/30-test_evp_data/evppkey_rsa.txt b/test/recipes/30-test_evp_data/evppkey_rsa.txt
+index f1dc5dd2a2..103556c750 100644
+--- a/test/recipes/30-test_evp_data/evppkey_rsa.txt
++++ b/test/recipes/30-test_evp_data/evppkey_rsa.txt
+@@ -268,8 +268,8 @@ TwIDAQAB
+
+ PrivPubKeyPair = RSA-PSS:RSA-PSS-DEFAULT
+
+-
+ # Wrong MGF1 digest
++Availablein = default
+ Verify = RSA-2048
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_pss_saltlen:0
+@@ -279,7 +279,19 @@ Input="0123456789ABCDEF0123456789ABCDEF"
+ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
+ Result = VERIFY_ERROR
+
++# Wrong MGF1 digest - In RHEL FIPS errors as set ctx before verify
++Availablein = fips
++Verify = RSA-2048
++Ctrl = rsa_padding_mode:pss
++Ctrl = rsa_pss_saltlen:0
++Ctrl = digest:sha256
++Ctrl = rsa_mgf1_md:sha1
++Input="0123456789ABCDEF0123456789ABCDEF"
++Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
++Result = PKEY_CTRL_ERROR
++
+ # Verify using default parameters
++Availablein = default
+ Verify = RSA-PSS-DEFAULT
+ Input="0123456789ABCDEF0123"
+ Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF
+@@ -303,36 +315,42 @@ fc6CnohE9iWxFeXpxKWc+PgRO2g0M2ov0mibRyy7Xlyr5nQ1DFm2wX4XaHT7Qvj8
+ PRdqAX7cYf0ybEszyQIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=5c81a3e2a658246628cd0ee8b00bb4c012bc9739
+ Output=014c5ba5338328ccc6e7a90bf1c0ab3fd606ff4796d3c12e4b639ed9136a5fec6c16d8884bdd99cfdc521456b0742b736868cf90de099adb8d5ffd1deff39ba4007ab746cefdb22d7df0e225f54627dc65466131721b90af445363a8358b9f607642f78fab0ab0f43b7168d64bae70d8827848d8ef1e421c5754ddf42c2589b5b3
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=27f71611446aa6eabf037f7dedeede3203244991
+ Output=010991656cca182b7f29d2dbc007e7ae0fec158eb6759cb9c45c5ff87c7635dd46d150882f4de1e9ae65e7f7d9018f6836954a47c0a81a8a6b6f83f2944d6081b1aa7c759b254b2c34b691da67cc0226e20b2f18b42212761dcd4b908a62b371b5918c5742af4b537e296917674fb914194761621cc19a41f6fb953fbcbb649dea
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=03ecc2c33e93f05fc7224fcc0d461356cb897217
+ Output=007f0030018f53cdc71f23d03659fde54d4241f758a750b42f185f87578520c30742afd84359b6e6e8d3ed959dc6fe486bedc8e2cf001f63a7abe16256a1b84df0d249fc05d3194ce5f0912742dbbf80dd174f6c51f6bad7f16cf3364eba095a06267dc3793803ac7526aebe0a475d38b8c2247ab51c4898df7047dc6adf52c6c4
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=246c727b4b9494849dddb068d582e179ac20999c
+ Output=009cd2f4edbe23e12346ae8c76dd9ad3230a62076141f16c152ba18513a48ef6f010e0e37fd3df10a1ec629a0cb5a3b5d2893007298c30936a95903b6ba85555d9ec3673a06108fd62a2fda56d1ce2e85c4db6b24a81ca3b496c36d4fd06eb7c9166d8e94877c42bea622b3bfe9251fdc21d8d5371badad78a488214796335b40b
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=e8617ca3ea66ce6a58ede2d11af8c3ba8a6ba912
+ Output=00ec430824931ebd3baa43034dae98ba646b8c36013d1671c3cf1cf8260c374b19f8e1cc8d965012405e7e9bf7378612dfcc85fce12cda11f950bd0ba8876740436c1d2595a64a1b32efcfb74a21c873b3cc33aaf4e3dc3953de67f0674c0453b4fd9f604406d441b816098cb106fe3472bc251f815f59db2e4378a3addc181ecf
+
++Availablein = default
+ Verify=RSA-PSS-2
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -348,36 +366,42 @@ nQ6tsIdYbKSJM9o8yVPZW9DtUN4Q3ctnNhB9bIMcf2Y+gzykwJfnAM4PuUX4j7hf
+ 6OWncxclZbkUpHGkQwIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=3552be69dd74bdc56d2cf8c38ef7bafe269040fe
+ Output=0088b135fb1794b6b96c4a3e678197f8cac52b64b2fe907d6f27de761124964a99a01a882740ecfaed6c01a47464bb05182313c01338a8cd097214cd68ca103bd57d3bc9e816213e61d784f182467abf8a01cf253e99a156eaa8e3e1f90e3c6e4e3aa2d83ed0345b89fafc9c26077c14b6ac51454fa26e446e3a2f153b2b16797f
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=609143ff7240e55c062aba8b9e4426a781919bc9
+ Output=02a5f0a858a0864a4f65017a7d69454f3f973a2999839b7bbc48bf78641169179556f595fa41f6ff18e286c2783079bc0910ee9cc34f49ba681124f923dfa88f426141a368a5f5a930c628c2c3c200e18a7644721a0cbec6dd3f6279bde3e8f2be5e2d4ee56f97e7ceaf33054be7042bd91a63bb09f897bd41e81197dee99b11af
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=0afd22f879a9cda7c584f4135f8f1c961db114c0
+ Output=0244bcd1c8c16955736c803be401272e18cb990811b14f72db964124d5fa760649cbb57afb8755dbb62bf51f466cf23a0a1607576e983d778fceffa92df7548aea8ea4ecad2c29dd9f95bc07fe91ecf8bee255bfe8762fd7690aa9bfa4fa0849ef728c2c42c4532364522df2ab7f9f8a03b63f7a499175828668f5ef5a29e3802c
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=405dd56d395ef0f01b555c48f748cc32b210650b
+ Output=0196f12a005b98129c8df13c4cb16f8aa887d3c40d96df3a88e7532ef39cd992f273abc370bc1be6f097cfebbf0118fd9ef4b927155f3df22b904d90702d1f7ba7a52bed8b8942f412cd7bd676c9d18e170391dcd345c06a730964b3f30bcce0bb20ba106f9ab0eeb39cf8a6607f75c0347f0af79f16afa081d2c92d1ee6f836b8
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=a2c313b0440c8a0c47233b87f0a160c61af3eae7
+ Output=021eca3ab4892264ec22411a752d92221076d4e01c0e6f0dde9afd26ba5acf6d739ef987545d16683e5674c9e70f1de649d7e61d48d0caeb4fb4d8b24fba84a6e3108fee7d0705973266ac524b4ad280f7ae17dc59d96d3351586b5a3bdb895d1e1f7820ac6135d8753480998382ba32b7349559608c38745290a85ef4e9f9bd83
+
++Availablein = default
+ Verify=RSA-PSS-3
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -393,36 +417,42 @@ MAz5u2xTrR3IoXi4FdtCNamp2gwG3k5hXqEnfOVZ6cEI3ljBSoGqd/Wm+NEzVJRJ
+ iEjIuVlAdAvnv3w3BQIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=f8b0abf70fec0bca74f0accbc24f75e6e90d3bfd
+ Output=0323d5b7bf20ba4539289ae452ae4297080feff4518423ff4811a817837e7d82f1836cdfab54514ff0887bddeebf40bf99b047abc3ecfa6a37a3ef00f4a0c4a88aae0904b745c846c4107e8797723e8ac810d9e3d95dfa30ff4966f4d75d13768d20857f2b1406f264cfe75e27d7652f4b5ed3575f28a702f8c4ed9cf9b2d44948
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=04a10944bfe11ab801e77889f3fd3d7f4ff0b629
+ Output=049d0185845a264d28feb1e69edaec090609e8e46d93abb38371ce51f4aa65a599bdaaa81d24fba66a08a116cb644f3f1e653d95c89db8bbd5daac2709c8984000178410a7c6aa8667ddc38c741f710ec8665aa9052be929d4e3b16782c1662114c5414bb0353455c392fc28f3db59054b5f365c49e1d156f876ee10cb4fd70598
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=ba01243db223eb97fb86d746c3148adaaa0ca344
+ Output=03fbc410a2ced59500fb99f9e2af2781ada74e13145624602782e2994813eefca0519ecd253b855fb626a90d771eae028b0c47a199cbd9f8e3269734af4163599090713a3fa910fa0960652721432b971036a7181a2bc0cab43b0b598bc6217461d7db305ff7e954c5b5bb231c39e791af6bcfa76b147b081321f72641482a2aad
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=934bb0d38d6836daec9de82a9648d4593da67cd2
+ Output=0486644bc66bf75d28335a6179b10851f43f09bded9fac1af33252bb9953ba4298cd6466b27539a70adaa3f89b3db3c74ab635d122f4ee7ce557a61e59b82ffb786630e5f9db53c77d9a0c12fab5958d4c2ce7daa807cd89ba2cc7fcd02ff470ca67b229fcce814c852c73cc93bea35be68459ce478e9d4655d121c8472f371d4f
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=ec35d81abd1cceac425a935758b683465c8bd879
+ Output=022a80045353904cb30cbb542d7d4990421a6eec16a8029a8422adfd22d6aff8c4cc0294af110a0c067ec86a7d364134459bb1ae8ff836d5a8a2579840996b320b19f13a13fad378d931a65625dae2739f0c53670b35d9d3cbac08e733e4ec2b83af4b9196d63e7c4ff1ddeae2a122791a125bfea8deb0de8ccf1f4ffaf6e6fb0a
+
++Availablein = default
+ Verify=RSA-PSS-4
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -438,18 +468,21 @@ pLDMjaMl7YqmdrDQ9ibgp38HaSFwrKyAgvQvqn3HzRI+cw4xqHmFIEyry+ZnDUOi
+ 3Sst3vXgU5L8ITvFBwIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-5
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=d98b7061943510bc3dd9162f7169aabdbdcd0222
+ Output=0ba373f76e0921b70a8fbfe622f0bf77b28a3db98e361051c3d7cb92ad0452915a4de9c01722f6823eeb6adf7e0ca8290f5de3e549890ac2a3c5950ab217ba58590894952de96f8df111b2575215da6c161590c745be612476ee578ed384ab33e3ece97481a252f5c79a98b5532ae00cdd62f2ecc0cd1baefe80d80b962193ec1d
+
++Availablein = default
+ Verify=RSA-PSS-5
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=7ae8e699f754988f4fd645e463302e49a2552072
+ Output=08180de825e4b8b014a32da8ba761555921204f2f90d5f24b712908ff84f3e220ad17997c0dd6e706630ba3e84add4d5e7ab004e58074b549709565d43ad9e97b5a7a1a29e85b9f90f4aafcdf58321de8c5974ef9abf2d526f33c0f2f82e95d158ea6b81f1736db8d1af3d6ac6a83b32d18bae0ff1b2fe27de4c76ed8c7980a34e
+
++Availablein = default
+ Verify=RSA-PSS-5
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -463,12 +496,14 @@ Ctrl = rsa_mgf1_md:sha1
+ Input=ee3de96783fd0a157c8b20bf5566124124dcfe65
+ Output=0bc989853bc2ea86873271ce183a923ab65e8a53100e6df5d87a24c4194eb797813ee2a187c097dd872d591da60c568605dd7e742d5af4e33b11678ccb63903204a3d080b0902c89aba8868f009c0f1c0cb85810bbdd29121abb8471ff2d39e49fd92d56c655c8e037ad18fafbdc92c95863f7f61ea9efa28fea401369d19daea1
+
++Availablein = default
+ Verify=RSA-PSS-5
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1204df0b03c2724e2709c23fc71789a21b00ae4c
+ Output=0aefa943b698b9609edf898ad22744ac28dc239497cea369cbbd84f65c95c0ad776b594740164b59a739c6ff7c2f07c7c077a86d95238fe51e1fcf33574a4ae0684b42a3f6bf677d91820ca89874467b2c23add77969c80717430d0efc1d3695892ce855cb7f7011630f4df26def8ddf36fc23905f57fa6243a485c770d5681fcd
+
++Availablein = default
+ Verify=RSA-PSS-5
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -484,36 +519,42 @@ Kl8QsJwxGvjA/7W3opfy78Y7jWsFEJMfC5jki/X8bsTnuNsf+usIw44CrbjwOkgi
+ nJnpaUMfYcuMTcaY0QIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=ab464e8cb65ae5fdea47a53fa84b234d6bfd52f6
+ Output=04c0cfacec04e5badbece159a5a1103f69b3f32ba593cb4cc4b1b7ab455916a96a27cd2678ea0f46ba37f7fc9c86325f29733b389f1d97f43e7201c0f348fc45fe42892335362eee018b5b161f2f9393031225c713012a576bc88e23052489868d9010cbf033ecc568e8bc152bdc59d560e41291915d28565208e22aeec9ef85d1
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=92d0bcae82b641f578f040f5151be8eda6d42299
+ Output=0a2314250cf52b6e4e908de5b35646bcaa24361da8160fb0f9257590ab3ace42b0dc3e77ad2db7c203a20bd952fbb56b1567046ecfaa933d7b1000c3de9ff05b7d989ba46fd43bc4c2d0a3986b7ffa13471d37eb5b47d64707bd290cfd6a9f393ad08ec1e3bd71bb5792615035cdaf2d8929aed3be098379377e777ce79aaa4773
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=3569bd8fd2e28f2443375efa94f186f6911ffc2b
+ Output=086df6b500098c120f24ff8423f727d9c61a5c9007d3b6a31ce7cf8f3cbec1a26bb20e2bd4a046793299e03e37a21b40194fb045f90b18bf20a47992ccd799cf9c059c299c0526854954aade8a6ad9d97ec91a1145383f42468b231f4d72f23706d9853c3fa43ce8ace8bfe7484987a1ec6a16c8daf81f7c8bf42774707a9df456
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=7abbb7b42de335730a0b641f1e314b6950b84f98
+ Output=0b5b11ad549863ffa9c51a14a1106c2a72cc8b646e5c7262509786105a984776534ca9b54c1cc64bf2d5a44fd7e8a69db699d5ea52087a4748fd2abc1afed1e5d6f7c89025530bdaa2213d7e030fa55df6f34bcf1ce46d2edf4e3ae4f3b01891a068c9e3a44bbc43133edad6ecb9f35400c4252a5762d65744b99cb9f4c559329f
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=55b7eb27be7a787a59eb7e5fac468db8917a7725
+ Output=02d71fa9b53e4654fefb7f08385cf6b0ae3a817942ebf66c35ac67f0b069952a3ce9c7e1f1b02e480a9500836de5d64cdb7ecde04542f7a79988787e24c2ba05f5fd482c023ed5c30e04839dc44bed2a3a3a4fee01113c891a47d32eb8025c28cb050b5cdb576c70fe76ef523405c08417faf350b037a43c379339fcb18d3a356b
+
++Availablein = default
+ Verify=RSA-PSS-6
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -529,36 +570,42 @@ MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgTfJ2kpmyMQIuNon0MnXn4zLHq/B
+ 2LXF01SAItcGTqKaswIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=8be4afbdd76bd8d142c5f4f46dba771ee5d6d29d
+ Output=187f390723c8902591f0154bae6d4ecbffe067f0e8b795476ea4f4d51ccc810520bb3ca9bca7d0b1f2ea8a17d873fa27570acd642e3808561cb9e975ccfd80b23dc5771cdb3306a5f23159dacbd3aa2db93d46d766e09ed15d900ad897a8d274dc26b47e994a27e97e2268a766533ae4b5e42a2fcaf755c1c4794b294c60555823
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=402140dc605b2f5c5ec0d15bce9f9ba8857fe117
+ Output=10fd89768a60a67788abb5856a787c8561f3edcf9a83e898f7dc87ab8cce79429b43e56906941a886194f137e591fe7c339555361fbbe1f24feb2d4bcdb80601f3096bc9132deea60ae13082f44f9ad41cd628936a4d51176e42fc59cb76db815ce5ab4db99a104aafea68f5d330329ebf258d4ede16064bd1d00393d5e1570eb8
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=3e885205892ff2b6b37c2c4eb486c4bf2f9e7f20
+ Output=2b31fde99859b977aa09586d8e274662b25a2a640640b457f594051cb1e7f7a911865455242926cf88fe80dfa3a75ba9689844a11e634a82b075afbd69c12a0df9d25f84ad4945df3dc8fe90c3cefdf26e95f0534304b5bdba20d3e5640a2ebfb898aac35ae40f26fce5563c2f9f24f3042af76f3c7072d687bbfb959a88460af1
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=1fc2201d0c442a4736cd8b2cd00c959c47a3bf42
+ Output=32c7ca38ff26949a15000c4ba04b2b13b35a3810e568184d7ecabaa166b7ffabddf2b6cf4ba07124923790f2e5b1a5be040aea36fe132ec130e1f10567982d17ac3e89b8d26c3094034e762d2e031264f01170beecb3d1439e05846f25458367a7d9c02060444672671e64e877864559ca19b2074d588a281b5804d23772fbbe19
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=e4351b66819e5a31501f89acc7faf57030e9aac5
+ Output=07eb651d75f1b52bc263b2e198336e99fbebc4f332049a922a10815607ee2d989db3a4495b7dccd38f58a211fb7e193171a3d891132437ebca44f318b280509e52b5fa98fcce8205d9697c8ee4b7ff59d4c59c79038a1970bd2a0d451ecdc5ef11d9979c9d35f8c70a6163717607890d586a7c6dc01c79f86a8f28e85235f8c2f1
+
++Availablein = default
+ Verify=RSA-PSS-7
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+@@ -574,36 +621,42 @@ R1PbPO4O4Gx9+uix1TtZUyGPnM7qaVsIZo7eqtztlGOx15DV6/J+kRW0bK1NmiuO
+ +rBWGwgQNEc5raBzPwIDAQAB
+ -----END PUBLIC KEY-----
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=a1dd230d8ead860199b6277c2ecfe3d95f6d9160
+ Output=0262ac254bfa77f3c1aca22c5179f8f040422b3c5bafd40a8f21cf0fa5a667ccd5993d42dbafb409c520e25fce2b1ee1e716577f1efa17f3da28052f40f0419b23106d7845aaf01125b698e7a4dfe92d3967bb00c4d0d35ba3552ab9a8b3eef07c7fecdbc5424ac4db1e20cb37d0b2744769940ea907e17fbbca673b20522380c5
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=f6e68e53c602c5c65fa67b5aa6d786e5524b12ab
+ Output=2707b9ad5115c58c94e932e8ec0a280f56339e44a1b58d4ddcff2f312e5f34dcfe39e89c6a94dcee86dbbdae5b79ba4e0819a9e7bfd9d982e7ee6c86ee68396e8b3a14c9c8f34b178eb741f9d3f121109bf5c8172fada2e768f9ea1433032c004a8aa07eb990000a48dc94c8bac8aabe2b09b1aa46c0a2aa0e12f63fbba775ba7e
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=d6f9fcd3ae27f32bb2c7c93536782eba52af1f76
+ Output=2ad20509d78cf26d1b6c406146086e4b0c91a91c2bd164c87b966b8faa42aa0ca446022323ba4b1a1b89706d7f4c3be57d7b69702d168ab5955ee290356b8c4a29ed467d547ec23cbadf286ccb5863c6679da467fc9324a151c7ec55aac6db4084f82726825cfe1aa421bc64049fb42f23148f9c25b2dc300437c38d428aa75f96
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=7ff2a53ce2e2d900d468e498f230a5f5dd0020de
+ Output=1e24e6e58628e5175044a9eb6d837d48af1260b0520e87327de7897ee4d5b9f0df0be3e09ed4dea8c1454ff3423bb08e1793245a9df8bf6ab3968c8eddc3b5328571c77f091cc578576912dfebd164b9de5454fe0be1c1f6385b328360ce67ec7a05f6e30eb45c17c48ac70041d2cab67f0a2ae7aafdcc8d245ea3442a6300ccc7
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+ Input=4eb309f7022ba0b03bb78601b12931ec7c1be8d3
+ Output=33341ba3576a130a50e2a5cf8679224388d5693f5accc235ac95add68e5eb1eec31666d0ca7a1cda6f70a1aa762c05752a51950cdb8af3c5379f18cfe6b5bc55a4648226a15e912ef19ad77adeea911d67cfefd69ba43fa4119135ff642117ba985a7e0100325e9519f1ca6a9216bda055b5785015291125e90dcd07a2ca9673ee
+
++Availablein = default
+ Verify=RSA-PSS-8
+ Ctrl = rsa_padding_mode:pss
+ Ctrl = rsa_mgf1_md:sha1
+--
+2.48.1
+
diff --git a/0044-FIPS-140-3-keychecks.patch b/0044-FIPS-140-3-keychecks.patch
deleted file mode 100644
index 02c4031..0000000
--- a/0044-FIPS-140-3-keychecks.patch
+++ /dev/null
@@ -1,404 +0,0 @@
-From 4512f620199126e6b87433ef184f0450652ee28a Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Thu, 4 Apr 2024 11:42:18 +0200
-Subject: [PATCH 19/50] 0044-FIPS-140-3-keychecks.patch
-
-Patch-name: 0044-FIPS-140-3-keychecks.patch
-Patch-id: 44
-Patch-status: |
- # Extra public/private key checks required by FIPS-140-3
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- crypto/dh/dh_key.c | 26 ++++++++++
- crypto/rsa/rsa_gen.c | 3 ++
- .../implementations/exchange/ecdh_exch.c | 19 ++++++++
- providers/implementations/keymgmt/ec_kmgmt.c | 24 +++++++++-
- providers/implementations/keymgmt/rsa_kmgmt.c | 18 +++++++
- .../implementations/signature/ecdsa_sig.c | 37 +++++++++++++--
- providers/implementations/signature/rsa_sig.c | 47 +++++++++++++++++--
- 7 files changed, 165 insertions(+), 9 deletions(-)
-
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 7132b9b68e..189bfc3e8b 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -43,6 +43,9 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- BN_MONT_CTX *mont = NULL;
- BIGNUM *z = NULL, *pminus1;
- int ret = -1;
-+#ifdef FIPS_MODULE
-+ int validate = 0;
-+#endif
-
- if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
- ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
-@@ -60,6 +63,13 @@ int ossl_dh_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
- return 0;
- }
-
-+#ifdef FIPS_MODULE
-+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
-+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
-+ return 0;
-+ }
-+#endif
-+
- ctx = BN_CTX_new_ex(dh->libctx);
- if (ctx == NULL)
- goto err;
-@@ -271,6 +281,9 @@ static int generate_key(DH *dh)
- #endif
- BN_CTX *ctx = NULL;
- BIGNUM *pub_key = NULL, *priv_key = NULL;
-+#ifdef FIPS_MODULE
-+ int validate = 0;
-+#endif
-
- if (BN_num_bits(dh->params.p) > OPENSSL_DH_MAX_MODULUS_BITS) {
- ERR_raise(ERR_LIB_DH, DH_R_MODULUS_TOO_LARGE);
-@@ -369,8 +382,21 @@ static int generate_key(DH *dh)
- if (!ossl_dh_generate_public_key(ctx, dh, priv_key, pub_key))
- goto err;
-
-+#ifdef FIPS_MODULE
-+ if (DH_check_pub_key(dh, pub_key, &validate) <= 0) {
-+ ERR_raise(ERR_LIB_DH, DH_R_CHECK_PUBKEY_INVALID);
-+ goto err;
-+ }
-+#endif
-+
- dh->pub_key = pub_key;
- dh->priv_key = priv_key;
-+#ifdef FIPS_MODULE
-+ if (ossl_dh_check_pairwise(dh) <= 0) {
-+ abort();
-+ }
-+#endif
-+
- dh->dirty_cnt++;
- ok = 1;
- err:
-diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
-index 0cdbb3fde2..65ff9d2d47 100644
---- a/crypto/rsa/rsa_gen.c
-+++ b/crypto/rsa/rsa_gen.c
-@@ -464,6 +464,9 @@ static int rsa_keygen(OSSL_LIB_CTX *libctx, RSA *rsa, int bits, int primes,
- rsa->dmp1 = NULL;
- rsa->dmq1 = NULL;
- rsa->iqmp = NULL;
-+#ifdef FIPS_MODULE
-+ abort();
-+#endif /* defined(FIPS_MODULE) */
- }
- }
- return ok;
-diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c
-index 5b8412aba1..1d98eba132 100644
---- a/providers/implementations/exchange/ecdh_exch.c
-+++ b/providers/implementations/exchange/ecdh_exch.c
-@@ -489,6 +489,25 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
- }
-
- ppubkey = EC_KEY_get0_public_key(pecdhctx->peerk);
-+#ifdef FIPS_MODULE
-+ {
-+ BN_CTX *bn_ctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(privk));
-+ int check = 0;
-+
-+ if (bn_ctx == NULL) {
-+ ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
-+ goto end;
-+ }
-+
-+ check = ossl_ec_key_public_check(pecdhctx->peerk, bn_ctx);
-+ BN_CTX_free(bn_ctx);
-+
-+ if (check <= 0) {
-+ ERR_raise(ERR_LIB_PROV, EC_R_INVALID_PEER_KEY);
-+ goto end;
-+ }
-+ }
-+#endif
-
- retlen = ECDH_compute_key(secret, size, ppubkey, privk, NULL);
-
-diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
-index 9390935394..1399be1751 100644
---- a/providers/implementations/keymgmt/ec_kmgmt.c
-+++ b/providers/implementations/keymgmt/ec_kmgmt.c
-@@ -991,8 +991,17 @@ struct ec_gen_ctx {
- EC_GROUP *gen_group;
- unsigned char *dhkem_ikm;
- size_t dhkem_ikmlen;
-+#ifdef FIPS_MODULE
-+ void *ecdsa_sig_ctx;
-+#endif
- };
-
-+#ifdef FIPS_MODULE
-+void *ecdsa_newctx(void *provctx, const char *propq);
-+void ecdsa_freectx(void *vctx);
-+int do_ec_pct(void *, const char *, void *);
-+#endif
-+
- static void *ec_gen_init(void *provctx, int selection,
- const OSSL_PARAM params[])
- {
-@@ -1011,6 +1020,10 @@ static void *ec_gen_init(void *provctx, int selection,
- gctx = NULL;
- }
- }
-+#ifdef FIPS_MODULE
-+ if (gctx != NULL)
-+ gctx->ecdsa_sig_ctx = ecdsa_newctx(provctx, NULL);
-+#endif
- return gctx;
- }
-
-@@ -1291,6 +1304,12 @@ static void *ec_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
-
- if (gctx->ecdh_mode != -1)
- ret = ret && ossl_ec_set_ecdh_cofactor_mode(ec, gctx->ecdh_mode);
-+#ifdef FIPS_MODULE
-+ /* Pairwise consistency test */
-+ if ((gctx->selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
-+ && do_ec_pct(gctx->ecdsa_sig_ctx, "sha256", ec) != 1)
-+ abort();
-+#endif
-
- if (gctx->group_check != NULL)
- ret = ret && ossl_ec_set_check_group_type_from_name(ec,
-@@ -1361,7 +1380,10 @@ static void ec_gen_cleanup(void *genctx)
-
- if (gctx == NULL)
- return;
--
-+#ifdef FIPS_MODULE
-+ ecdsa_freectx(gctx->ecdsa_sig_ctx);
-+ gctx->ecdsa_sig_ctx = NULL;
-+#endif
- OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen);
- EC_GROUP_free(gctx->gen_group);
- BN_free(gctx->p);
-diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
-index c24cb8da88..4462afa041 100644
---- a/providers/implementations/keymgmt/rsa_kmgmt.c
-+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
-@@ -434,6 +434,7 @@ struct rsa_gen_ctx {
- #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
- /* ACVP test parameters */
- OSSL_PARAM *acvp_test_params;
-+ void *prov_rsa_ctx;
- #endif
- };
-
-@@ -447,6 +448,12 @@ static int rsa_gencb(int p, int n, BN_GENCB *cb)
- return gctx->cb(params, gctx->cbarg);
- }
-
-+#ifdef FIPS_MODULE
-+void *rsa_newctx(void *provctx, const char *propq);
-+void rsa_freectx(void *vctx);
-+int do_rsa_pct(void *, const char *, void *);
-+#endif
-+
- static void *gen_init(void *provctx, int selection, int rsa_type,
- const OSSL_PARAM params[])
- {
-@@ -474,6 +481,10 @@ static void *gen_init(void *provctx, int selection, int rsa_type,
-
- if (!rsa_gen_set_params(gctx, params))
- goto err;
-+#ifdef FIPS_MODULE
-+ if (gctx != NULL)
-+ gctx->prov_rsa_ctx = rsa_newctx(provctx, NULL);
-+#endif
- return gctx;
-
- err:
-@@ -630,6 +641,11 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
-
- rsa = rsa_tmp;
- rsa_tmp = NULL;
-+#ifdef FIPS_MODULE
-+ /* Pairwise consistency test */
-+ if (do_rsa_pct(gctx->prov_rsa_ctx, "sha256", rsa) != 1)
-+ abort();
-+#endif
- err:
- BN_GENCB_free(gencb);
- RSA_free(rsa_tmp);
-@@ -645,6 +661,8 @@ static void rsa_gen_cleanup(void *genctx)
- #if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
- ossl_rsa_acvp_test_gen_params_free(gctx->acvp_test_params);
- gctx->acvp_test_params = NULL;
-+ rsa_freectx(gctx->prov_rsa_ctx);
-+ gctx->prov_rsa_ctx = NULL;
- #endif
- BN_clear_free(gctx->pub_exp);
- OPENSSL_free(gctx);
-diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
-index fe65ed8dc6..f158105e71 100644
---- a/providers/implementations/signature/ecdsa_sig.c
-+++ b/providers/implementations/signature/ecdsa_sig.c
-@@ -33,7 +33,7 @@
- #include "crypto/ec.h"
- #include "prov/der_ec.h"
-
--static OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
-+OSSL_FUNC_signature_newctx_fn ecdsa_newctx;
- static OSSL_FUNC_signature_sign_init_fn ecdsa_sign_init;
- static OSSL_FUNC_signature_verify_init_fn ecdsa_verify_init;
- static OSSL_FUNC_signature_sign_fn ecdsa_sign;
-@@ -44,7 +44,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn ecdsa_digest_sign_final;
- static OSSL_FUNC_signature_digest_verify_init_fn ecdsa_digest_verify_init;
- static OSSL_FUNC_signature_digest_verify_update_fn ecdsa_digest_signverify_update;
- static OSSL_FUNC_signature_digest_verify_final_fn ecdsa_digest_verify_final;
--static OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
-+OSSL_FUNC_signature_freectx_fn ecdsa_freectx;
- static OSSL_FUNC_signature_dupctx_fn ecdsa_dupctx;
- static OSSL_FUNC_signature_get_ctx_params_fn ecdsa_get_ctx_params;
- static OSSL_FUNC_signature_gettable_ctx_params_fn ecdsa_gettable_ctx_params;
-@@ -107,7 +107,7 @@ typedef struct {
- unsigned int nonce_type;
- } PROV_ECDSA_CTX;
-
--static void *ecdsa_newctx(void *provctx, const char *propq)
-+void *ecdsa_newctx(void *provctx, const char *propq)
- {
- PROV_ECDSA_CTX *ctx;
-
-@@ -380,7 +380,7 @@ int ecdsa_digest_verify_final(void *vctx, const unsigned char *sig,
- return ecdsa_verify(ctx, sig, siglen, digest, (size_t)dlen);
- }
-
--static void ecdsa_freectx(void *vctx)
-+void ecdsa_freectx(void *vctx)
- {
- PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
-
-@@ -601,6 +601,35 @@ static const OSSL_PARAM *ecdsa_settable_ctx_md_params(void *vctx)
- return EVP_MD_settable_ctx_params(ctx->md);
- }
-
-+#ifdef FIPS_MODULE
-+int do_ec_pct(void *vctx, const char *mdname, void *ec)
-+{
-+ static const unsigned char data[32];
-+ unsigned char sigbuf[256];
-+ size_t siglen = sizeof(sigbuf);
-+
-+ if (ecdsa_digest_sign_init(vctx, mdname, ec, NULL) <= 0)
-+ return 0;
-+
-+ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
-+ return 0;
-+
-+ if (ecdsa_digest_sign_final(vctx, sigbuf, &siglen, sizeof(sigbuf)) <= 0)
-+ return 0;
-+
-+ if (ecdsa_digest_verify_init(vctx, mdname, ec, NULL) <= 0)
-+ return 0;
-+
-+ if (ecdsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
-+ return 0;
-+
-+ if (ecdsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
-+ return 0;
-+
-+ return 1;
-+}
-+#endif
-+
- const OSSL_DISPATCH ossl_ecdsa_signature_functions[] = {
- { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))ecdsa_newctx },
- { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))ecdsa_sign_init },
-diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index 76db37dd02..22d93ead53 100644
---- a/providers/implementations/signature/rsa_sig.c
-+++ b/providers/implementations/signature/rsa_sig.c
-@@ -34,7 +34,7 @@
-
- #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
-
--static OSSL_FUNC_signature_newctx_fn rsa_newctx;
-+OSSL_FUNC_signature_newctx_fn rsa_newctx;
- static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
- static OSSL_FUNC_signature_verify_init_fn rsa_verify_init;
- static OSSL_FUNC_signature_verify_recover_init_fn rsa_verify_recover_init;
-@@ -47,7 +47,7 @@ static OSSL_FUNC_signature_digest_sign_final_fn rsa_digest_sign_final;
- static OSSL_FUNC_signature_digest_verify_init_fn rsa_digest_verify_init;
- static OSSL_FUNC_signature_digest_verify_update_fn rsa_digest_signverify_update;
- static OSSL_FUNC_signature_digest_verify_final_fn rsa_digest_verify_final;
--static OSSL_FUNC_signature_freectx_fn rsa_freectx;
-+OSSL_FUNC_signature_freectx_fn rsa_freectx;
- static OSSL_FUNC_signature_dupctx_fn rsa_dupctx;
- static OSSL_FUNC_signature_get_ctx_params_fn rsa_get_ctx_params;
- static OSSL_FUNC_signature_gettable_ctx_params_fn rsa_gettable_ctx_params;
-@@ -170,7 +170,7 @@ static int rsa_check_parameters(PROV_RSA_CTX *prsactx, int min_saltlen)
- return 1;
- }
-
--static void *rsa_newctx(void *provctx, const char *propq)
-+void *rsa_newctx(void *provctx, const char *propq)
- {
- PROV_RSA_CTX *prsactx = NULL;
- char *propq_copy = NULL;
-@@ -974,7 +974,7 @@ int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
- return rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen);
- }
-
--static void rsa_freectx(void *vprsactx)
-+void rsa_freectx(void *vprsactx)
- {
- PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
-
-@@ -1451,6 +1451,45 @@ static const OSSL_PARAM *rsa_settable_ctx_md_params(void *vprsactx)
- return EVP_MD_settable_ctx_params(prsactx->md);
- }
-
-+#ifdef FIPS_MODULE
-+int do_rsa_pct(void *vctx, const char *mdname, void *rsa)
-+{
-+ static const unsigned char data[32];
-+ unsigned char *sigbuf = NULL;
-+ size_t siglen = 0;
-+ int ret = 0;
-+
-+ if (rsa_digest_sign_init(vctx, mdname, rsa, NULL) <= 0)
-+ return 0;
-+
-+ if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
-+ return 0;
-+
-+ if (rsa_digest_sign_final(vctx, NULL, &siglen, 0) <= 0)
-+ return 0;
-+
-+ if ((sigbuf = OPENSSL_malloc(siglen)) == NULL)
-+ return 0;
-+
-+ if (rsa_digest_sign_final(vctx, sigbuf, &siglen, siglen) <= 0)
-+ goto err;
-+
-+ if (rsa_digest_verify_init(vctx, mdname, rsa, NULL) <= 0)
-+ goto err;
-+
-+ if (rsa_digest_signverify_update(vctx, data, sizeof(data)) <= 0)
-+ goto err;
-+
-+ if (rsa_digest_verify_final(vctx, sigbuf, siglen) <= 0)
-+ goto err;
-+ ret = 1;
-+
-+ err:
-+ OPENSSL_free(sigbuf);
-+ return ret;
-+}
-+#endif
-+
- const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
- { OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
- { OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
---
-2.44.0
-
diff --git a/0044-FIPS-NO-Kmac.patch b/0044-FIPS-NO-Kmac.patch
new file mode 100644
index 0000000..5b5e0ea
--- /dev/null
+++ b/0044-FIPS-NO-Kmac.patch
@@ -0,0 +1,277 @@
+From 9ceb2c9b4d2cd53dfc168a422fca966e7a66a5c8 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Fri, 7 Mar 2025 18:22:07 -0500
+Subject: [PATCH 44/49] FIPS: NO Kmac
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ providers/fips/fipsprov.c | 10 +++++----
+ providers/fips/self_test_data.inc | 4 ++++
+ test/recipes/30-test_evp_data/evpkdf_ss.txt | 2 ++
+ .../30-test_evp_data/evpmac_common.txt | 22 +++++++++++++++++++
+ 4 files changed, 34 insertions(+), 4 deletions(-)
+
+diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
+index 30f0c8ca14..00b7d1e2aa 100644
+--- a/providers/fips/fipsprov.c
++++ b/providers/fips/fipsprov.c
+@@ -293,10 +293,11 @@ static const OSSL_ALGORITHM fips_digests[] = {
+ * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
+ * KMAC128 and KMAC256.
+ */
+- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
++ /* We don't certify KECCAK in our FIPS provider */
++ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
+ ossl_keccak_kmac_128_functions },
+ { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES,
+- ossl_keccak_kmac_256_functions },
++ ossl_keccak_kmac_256_functions }, */
+ { NULL, NULL, NULL }
+ };
+
+@@ -369,8 +370,9 @@ static const OSSL_ALGORITHM fips_macs[] = {
+ #endif
+ { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
+ { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
+- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
+- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions },
++ /* We don't certify KMAC in our FIPS provider */
++ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
++ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */
+ { NULL, NULL, NULL }
+ };
+
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index 6a69e1687b..f3059a8446 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -544,6 +544,7 @@ static const ST_KAT_PARAM kbkdf_params[] = {
+ ST_KAT_PARAM_END()
+ };
+
++#if 0
+ static const char kbkdf_kmac_mac[] = "KMAC128";
+ static unsigned char kbkdf_kmac_label[] = {
+ 0xB5, 0xB5, 0xF3, 0x71, 0x9F, 0xBE, 0x5B, 0x3D,
+@@ -570,6 +571,7 @@ static const ST_KAT_PARAM kbkdf_kmac_params[] = {
+ ST_KAT_PARAM_OCTET(OSSL_KDF_PARAM_INFO, kbkdf_kmac_context),
+ ST_KAT_PARAM_END()
+ };
++#endif
+
+ static const char tls13_kdf_digest[] = "SHA256";
+ static int tls13_kdf_extract_mode = EVP_KDF_HKDF_MODE_EXTRACT_ONLY;
+@@ -660,12 +662,14 @@ static const ST_KAT_KDF st_kat_kdf_tests[] =
+ kbkdf_params,
+ ITM(kbkdf_expected)
+ },
++#if 0
+ {
+ OSSL_SELF_TEST_DESC_KDF_KBKDF_KMAC,
+ OSSL_KDF_NAME_KBKDF,
+ kbkdf_kmac_params,
+ ITM(kbkdf_kmac_expected)
+ },
++#endif
+ {
+ OSSL_SELF_TEST_DESC_KDF_HKDF,
+ OSSL_KDF_NAME_HKDF,
+diff --git a/test/recipes/30-test_evp_data/evpkdf_ss.txt b/test/recipes/30-test_evp_data/evpkdf_ss.txt
+index 07691ccf57..ce315ecf76 100644
+--- a/test/recipes/30-test_evp_data/evpkdf_ss.txt
++++ b/test/recipes/30-test_evp_data/evpkdf_ss.txt
+@@ -1171,6 +1171,7 @@ Ctrl.hexsecret = hexsecret:40B6E03711EBEBA14011ACE96CB056DEBAEB6E5E706F99435257C
+ Ctrl.hexinfo = hexinfo:5D437C2F1035A4F1F751E59CF10650171EF5769FCFBE438DFBC5BD8EA724100076447AB804F91DFA680E592FE2621A45DAB4C6A77B678059FC29E572DE4424EB5459F53523002ED38AAB1D9DD96C3523D1907C5EFBAE93DFFE680F716498720110D2A3B9CE9B66DB2884C83E9BEB546754874C0CA1967AF000000400
+ Output = 428979EA52175DC833C04215AC6B4BA89BA4FCAA0E0FA3B4E2C0E264C5746F0A5C788F2907A2C2B90719E396B35A14C4B583C51B9911125D34100FADDC4D94C0D936263CC1EF0B0D526E3891FE1F67BCB94DEA2525B84A8E7949A4CA34F36AEEC55099BF0EC5DE24B86428F4E6E6E23FE9AA443E2BDCF25A77ECD22BF758D554
+
++Availablein = default
+ KDF = SSKDF
+ Ctrl.mac = mac:KMAC-128
+ Ctrl.hexsecret = hexsecret:EAD54AE33FFAFFE7875610390ADBA9DFB291EE8C1920CB13452FDF851E0A6DBBB862FD8811F8CB29CDEC13591D8C047065FCD2
+@@ -1257,6 +1258,7 @@ Ctrl.hexsalt = hexsalt:00
+ Ctrl.hexinfo = hexinfo:861aa2886798231259bd0314
+ Output = 02cfca07797566285b38982b86762abd
+
++Availablein = default
+ KDF = SSKDF
+ Ctrl.mac = mac:KMAC-128
+ Ctrl.hexsalt = hexsalt:00000000
+diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt
+index 831eecbac9..f18b558796 100644
+--- a/test/recipes/30-test_evp_data/evpmac_common.txt
++++ b/test/recipes/30-test_evp_data/evpmac_common.txt
+@@ -399,6 +399,7 @@ Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C
+ Result = MAC_INIT_ERROR
+ Reason = invalid mode
+
++Availablein = default
+ Title = KMAC Tests (From NIST)
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+@@ -409,12 +410,14 @@ Ctrl = xof:0
+ OutputSize = 32
+ BlockSize = 168
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+ Custom = "My Tagged Application"
+ Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -422,6 +425,7 @@ Custom = "My Tagged Application"
+ Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230
+ Ctrl = size:32
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+@@ -430,12 +434,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC
+ OutputSize = 64
+ BlockSize = 136
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+ Custom = ""
+ Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -445,12 +451,14 @@ Ctrl = size:64
+
+ Title = KMAC XOF Tests (From NIST)
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+ Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
+ XOF = 1
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+@@ -458,6 +466,7 @@ Custom = "My Tagged Application"
+ Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
+ XOF = 1
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -466,6 +475,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
+ XOF = 1
+ Ctrl = size:32
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+@@ -473,6 +483,7 @@ Custom = "My Tagged Application"
+ Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
+ XOF = 1
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -480,6 +491,7 @@ Custom = ""
+ Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
+ XOF = 1
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -490,6 +502,7 @@ XOF = 1
+
+ Title = KMAC long customisation string (from NIST ACVP)
+
++Availablein = default
+ MAC = KMAC256
+ Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
+ Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
+@@ -500,12 +513,14 @@ XOF = 1
+
+ Title = KMAC XOF Tests via ctrl (From NIST)
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+ Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
+ Ctrl = xof:1
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+@@ -513,6 +528,7 @@ Custom = "My Tagged Application"
+ Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
+ Ctrl = xof:1
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -521,6 +537,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
+ Ctrl = xof:1
+ Ctrl = size:32
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 00010203
+@@ -528,6 +545,7 @@ Custom = "My Tagged Application"
+ Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
+ Ctrl = xof:1
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -535,6 +553,7 @@ Custom = ""
+ Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
+ Ctrl = xof:1
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -545,6 +564,7 @@ Ctrl = xof:1
+
+ Title = KMAC long customisation string via ctrl (from NIST ACVP)
+
++Availablein = default
+ MAC = KMAC256
+ Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
+ Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
+@@ -555,6 +575,7 @@ Ctrl = xof:1
+
+ Title = KMAC long customisation string negative test
+
++Availablein = default
+ MAC = KMAC128
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+@@ -564,6 +585,7 @@ Reason = invalid custom length
+
+ Title = KMAC output is too large
+
++Availablein = default
+ MAC = KMAC256
+ Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
+ Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
+--
+2.48.1
+
diff --git a/0045-FIPS-NO-ECX-Ed-X-25519-448.patch b/0045-FIPS-NO-ECX-Ed-X-25519-448.patch
new file mode 100644
index 0000000..a9a5faa
--- /dev/null
+++ b/0045-FIPS-NO-ECX-Ed-X-25519-448.patch
@@ -0,0 +1,86 @@
+From 8f028f446b1d46774966ab59cef5c756e9d9e330 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Fri, 7 Mar 2025 18:23:26 -0500
+Subject: [PATCH 45/49] FIPS: NO ECX (Ed/X-25519/448)
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ providers/fips/fipsprov.c | 9 ++++++---
+ providers/fips/self_test_data.inc | 2 ++
+ test/endecode_test.c | 2 ++
+ 3 files changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
+index 00b7d1e2aa..bfe538b8de 100644
+--- a/providers/fips/fipsprov.c
++++ b/providers/fips/fipsprov.c
+@@ -421,7 +421,8 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
+ #endif
+ #ifndef OPENSSL_NO_EC
+ { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
+-# ifndef OPENSSL_NO_ECX
++/* We don't certify Edwards curves in our FIPS provider */
++# if 0 /* # ifndef OPENSSL_NO_ECX */
+ { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keyexch_functions },
+ { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keyexch_functions },
+ # endif
+@@ -470,7 +471,8 @@ static const OSSL_ALGORITHM fips_signature[] = {
+ { PROV_NAMES_RSA_SHA3_512, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha3_512_signature_functions },
+ #ifndef OPENSSL_NO_EC
+-# ifndef OPENSSL_NO_ECX
++/* We don't certify Edwards curves in our FIPS provider */
++# if 0 /* # ifndef OPENSSL_NO_ECX */
+ { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES,
+ ossl_ed25519_signature_functions },
+ { PROV_NAMES_ED25519ph, FIPS_DEFAULT_PROPERTIES,
+@@ -575,7 +577,8 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
+ #ifndef OPENSSL_NO_EC
+ { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
+ PROV_DESCS_EC },
+-# ifndef OPENSSL_NO_ECX
++/* We don't certify Edwards curves in our FIPS provider */
++# if 0 /* # ifndef OPENSSL_NO_ECX */
+ { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keymgmt_functions,
+ PROV_DESCS_X25519 },
+ { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions,
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index f3059a8446..cdba162674 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -3003,6 +3003,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ ITM(ecdsa_bin_expected_sig)
+ },
+ # endif
++# if 0
+ # ifndef OPENSSL_NO_ECX
+ {
+ OSSL_SELF_TEST_DESC_SIGN_EDDSA,
+@@ -3021,6 +3022,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ ITM(ed25519_expected_sig),
+ },
+ # endif /* OPENSSL_NO_ECX */
++# endif
+ #endif /* OPENSSL_NO_EC */
+ #if 0
+ #ifndef OPENSSL_NO_DSA
+diff --git a/test/endecode_test.c b/test/endecode_test.c
+index dfd5e92f7e..3deb6f55c6 100644
+--- a/test/endecode_test.c
++++ b/test/endecode_test.c
+@@ -1571,10 +1571,12 @@ int setup_tests(void)
+ # endif
+ #endif
+ #ifndef OPENSSL_NO_ECX
++ if (is_fips == 0) {
+ ADD_TEST_SUITE(ED25519);
+ ADD_TEST_SUITE(ED448);
+ ADD_TEST_SUITE(X25519);
+ ADD_TEST_SUITE(X448);
++ }
+ /*
+ * ED25519, ED448, X25519 and X448 have no support for
+ * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
+--
+2.48.1
+
diff --git a/0045-FIPS-services-minimize.patch b/0045-FIPS-services-minimize.patch
deleted file mode 100644
index 89b2d57..0000000
--- a/0045-FIPS-services-minimize.patch
+++ /dev/null
@@ -1,779 +0,0 @@
-From e25b25227043a2b2cf156527c31d7686a4265bf3 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 20/49] 0045-FIPS-services-minimize.patch
-
-Patch-name: 0045-FIPS-services-minimize.patch
-Patch-id: 45
-Patch-status: |
- # # Minimize fips services
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- apps/ecparam.c | 7 +++
- apps/req.c | 2 +-
- providers/common/capabilities.c | 2 +-
- providers/fips/fipsprov.c | 44 +++++++++++--------
- providers/fips/self_test_data.inc | 9 +++-
- providers/implementations/signature/rsa_sig.c | 26 +++++++++++
- ssl/ssl_ciph.c | 3 ++
- test/acvp_test.c | 2 +
- test/endecode_test.c | 4 ++
- test/evp_libctx_test.c | 9 +++-
- test/recipes/15-test_gendsa.t | 2 +-
- test/recipes/20-test_cli_fips.t | 3 +-
- test/recipes/30-test_evp.t | 20 ++++-----
- .../30-test_evp_data/evpmac_common.txt | 22 ++++++++++
- test/recipes/80-test_cms.t | 22 +++++-----
- test/recipes/80-test_ssl_old.t | 2 +-
- 16 files changed, 128 insertions(+), 51 deletions(-)
-
-diff --git a/apps/ecparam.c b/apps/ecparam.c
-index 71f93c4ca5..347bf62d5c 100644
---- a/apps/ecparam.c
-+++ b/apps/ecparam.c
-@@ -79,6 +79,13 @@ static int list_builtin_curves(BIO *out)
- const char *comment = curves[n].comment;
- const char *sname = OBJ_nid2sn(curves[n].nid);
-
-+ if (((curves[n].nid == NID_secp256k1) || (curves[n].nid == NID_brainpoolP256r1)
-+ || (curves[n].nid == NID_brainpoolP256t1) || (curves[n].nid == NID_brainpoolP320r1)
-+ || (curves[n].nid == NID_brainpoolP320t1) || (curves[n].nid == NID_brainpoolP384r1)
-+ || (curves[n].nid == NID_brainpoolP384t1) || (curves[n].nid == NID_brainpoolP512r1)
-+ || (curves[n].nid == NID_brainpoolP512t1)) && EVP_default_properties_is_fips_enabled(NULL))
-+ continue;
-+
- if (comment == NULL)
- comment = "CURVE DESCRIPTION NOT AVAILABLE";
- if (sname == NULL)
-diff --git a/apps/req.c b/apps/req.c
-index 8995453dca..cb38e6aa64 100644
---- a/apps/req.c
-+++ b/apps/req.c
-@@ -268,7 +268,7 @@ int req_main(int argc, char **argv)
- unsigned long chtype = MBSTRING_ASC, reqflag = 0;
-
- #ifndef OPENSSL_NO_DES
-- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
-+ cipher = (EVP_CIPHER *)EVP_aes_256_cbc();
- #endif
-
- opt_set_unknown_name("digest");
-diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c
-index f7234615e4..0d4c0e3388 100644
---- a/providers/common/capabilities.c
-+++ b/providers/common/capabilities.c
-@@ -189,9 +189,9 @@ static const OSSL_PARAM param_group_list[][10] = {
- TLS_GROUP_ENTRY("brainpoolP256r1", "brainpoolP256r1", "EC", 25),
- TLS_GROUP_ENTRY("brainpoolP384r1", "brainpoolP384r1", "EC", 26),
- TLS_GROUP_ENTRY("brainpoolP512r1", "brainpoolP512r1", "EC", 27),
--# endif
- TLS_GROUP_ENTRY("x25519", "X25519", "X25519", 28),
- TLS_GROUP_ENTRY("x448", "X448", "X448", 29),
-+# endif
- # ifndef FIPS_MODULE
- TLS_GROUP_ENTRY("brainpoolP256r1tls13", "brainpoolP256r1", "EC", 30),
- TLS_GROUP_ENTRY("brainpoolP384r1tls13", "brainpoolP384r1", "EC", 31),
-diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index 7ec409710b..ec5bdd5a69 100644
---- a/providers/fips/fipsprov.c
-+++ b/providers/fips/fipsprov.c
-@@ -199,13 +199,13 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
- OSSL_LIB_CTX_FIPS_PROV_INDEX);
-
- p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
-- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
-+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "Red Hat Enterprise Linux 9 - OpenSSL FIPS Provider"))
- return 0;
- p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
-- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
-+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
- return 0;
- p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
-- if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
-+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, REDHAT_FIPS_VERSION))
- return 0;
- p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
- if (p != NULL && !OSSL_PARAM_set_int(p, ossl_prov_is_running()))
-@@ -298,10 +298,11 @@ static const OSSL_ALGORITHM fips_digests[] = {
- * KECCAK-KMAC-128 and KECCAK-KMAC-256 as hashes are mostly useful for
- * KMAC128 and KMAC256.
- */
-- { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
-+ /* We don't certify KECCAK in our FIPS provider */
-+ /* { PROV_NAMES_KECCAK_KMAC_128, FIPS_DEFAULT_PROPERTIES,
- ossl_keccak_kmac_128_functions },
- { PROV_NAMES_KECCAK_KMAC_256, FIPS_DEFAULT_PROPERTIES,
-- ossl_keccak_kmac_256_functions },
-+ ossl_keccak_kmac_256_functions }, */
- { NULL, NULL, NULL }
- };
-
-@@ -360,8 +361,9 @@ static const OSSL_ALGORITHM_CAPABLE fips_ciphers[] = {
- ALGC(PROV_NAMES_AES_256_CBC_HMAC_SHA256, ossl_aes256cbc_hmac_sha256_functions,
- ossl_cipher_capable_aes_cbc_hmac_sha256),
- #ifndef OPENSSL_NO_DES
-- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
-- UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions),
-+ /* We don't certify 3DES in our FIPS provider */
-+ /* UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_ECB, ossl_tdes_ede3_ecb_functions),
-+ UNAPPROVED_ALG(PROV_NAMES_DES_EDE3_CBC, ossl_tdes_ede3_cbc_functions), */
- #endif /* OPENSSL_NO_DES */
- { { NULL, NULL, NULL }, NULL }
- };
-@@ -373,8 +375,9 @@ static const OSSL_ALGORITHM fips_macs[] = {
- #endif
- { PROV_NAMES_GMAC, FIPS_DEFAULT_PROPERTIES, ossl_gmac_functions },
- { PROV_NAMES_HMAC, FIPS_DEFAULT_PROPERTIES, ossl_hmac_functions },
-- { PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
-- { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions },
-+ /* We don't certify KMAC in our FIPS provider */
-+ /*{ PROV_NAMES_KMAC_128, FIPS_DEFAULT_PROPERTIES, ossl_kmac128_functions },
-+ { PROV_NAMES_KMAC_256, FIPS_DEFAULT_PROPERTIES, ossl_kmac256_functions }, */
- { NULL, NULL, NULL }
- };
-
-@@ -410,8 +413,9 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
- #ifndef OPENSSL_NO_EC
- { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
- # ifndef OPENSSL_NO_ECX
-- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
-- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },
-+ /* We don't certify Edwards curves in our FIPS provider */
-+ /*{ PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keyexch_functions },
-+ { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keyexch_functions },*/
- # endif
- #endif
- { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES,
-@@ -422,14 +426,16 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
-
- static const OSSL_ALGORITHM fips_signature[] = {
- #ifndef OPENSSL_NO_DSA
-- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },
-+ /* We don't certify DSA in our FIPS provider */
-+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_signature_functions },*/
- #endif
- { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_signature_functions },
- #ifndef OPENSSL_NO_EC
- # ifndef OPENSSL_NO_ECX
-- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
-+ /* We don't certify Edwards curves in our FIPS provider */
-+ /* { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES,
- ossl_ed25519_signature_functions },
-- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },
-+ { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_signature_functions },*/
- # endif
- { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES, ossl_ecdsa_signature_functions },
- #endif
-@@ -460,8 +466,9 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
- PROV_DESCS_DHX },
- #endif
- #ifndef OPENSSL_NO_DSA
-- { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
-- PROV_DESCS_DSA },
-+ /* We don't certify DSA in our FIPS provider */
-+ /* { PROV_NAMES_DSA, FIPS_DEFAULT_PROPERTIES, ossl_dsa_keymgmt_functions,
-+ PROV_DESCS_DSA }, */
- #endif
- { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_keymgmt_functions,
- PROV_DESCS_RSA },
-@@ -471,14 +478,15 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
- { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
- PROV_DESCS_EC },
- # ifndef OPENSSL_NO_ECX
-- { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
-+ /* We don't certify Edwards curves in our FIPS provider */
-+ /* { PROV_NAMES_X25519, FIPS_DEFAULT_PROPERTIES, ossl_x25519_keymgmt_functions,
- PROV_DESCS_X25519 },
- { PROV_NAMES_X448, FIPS_DEFAULT_PROPERTIES, ossl_x448_keymgmt_functions,
- PROV_DESCS_X448 },
- { PROV_NAMES_ED25519, FIPS_UNAPPROVED_PROPERTIES, ossl_ed25519_keymgmt_functions,
- PROV_DESCS_ED25519 },
- { PROV_NAMES_ED448, FIPS_UNAPPROVED_PROPERTIES, ossl_ed448_keymgmt_functions,
-- PROV_DESCS_ED448 },
-+ PROV_DESCS_ED448 }, */
- # endif
- #endif
- { PROV_NAMES_TLS1_PRF, FIPS_DEFAULT_PROPERTIES, ossl_kdf_keymgmt_functions,
-diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
-index 2057378d3d..4b80bb70b9 100644
---- a/providers/fips/self_test_data.inc
-+++ b/providers/fips/self_test_data.inc
-@@ -177,6 +177,7 @@ static const ST_KAT_DIGEST st_kat_digest_tests[] =
- /*- CIPHER TEST DATA */
-
- /* DES3 test data */
-+#if 0
- static const unsigned char des_ede3_cbc_pt[] = {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A,
-@@ -197,7 +198,7 @@ static const unsigned char des_ede3_cbc_ct[] = {
- 0x51, 0x65, 0x70, 0x48, 0x1F, 0x25, 0xB5, 0x0F,
- 0x73, 0xC0, 0xBD, 0xA8, 0x5C, 0x8E, 0x0D, 0xA7
- };
--
-+#endif
- /* AES-256 GCM test data */
- static const unsigned char aes_256_gcm_key[] = {
- 0x92, 0xe1, 0x1d, 0xcd, 0xaa, 0x86, 0x6f, 0x5c,
-@@ -1454,8 +1455,9 @@ static const ST_KAT_PARAM ecdsa_bin_key[] = {
- # endif /* OPENSSL_NO_EC2M */
- #endif /* OPENSSL_NO_EC */
-
--#ifndef OPENSSL_NO_DSA
- /* dsa 2048 */
-+#if 0
-+#ifndef OPENSSL_NO_DSA
- static const unsigned char dsa_p[] = {
- 0xa2, 0x9b, 0x88, 0x72, 0xce, 0x8b, 0x84, 0x23,
- 0xb7, 0xd5, 0xd2, 0x1d, 0x4b, 0x02, 0xf5, 0x7e,
-@@ -1590,6 +1592,7 @@ static const ST_KAT_PARAM dsa_key[] = {
- ST_KAT_PARAM_END()
- };
- #endif /* OPENSSL_NO_DSA */
-+#endif
-
- /* Hash DRBG inputs for signature KATs */
- static const unsigned char sig_kat_entropyin[] = {
-@@ -1642,6 +1645,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
- },
- # endif
- #endif /* OPENSSL_NO_EC */
-+#if 0
- #ifndef OPENSSL_NO_DSA
- {
- OSSL_SELF_TEST_DESC_SIGN_DSA,
-@@ -1654,6 +1658,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
- ITM(dsa_expected_sig)
- },
- #endif /* OPENSSL_NO_DSA */
-+#endif
- };
-
- static const ST_KAT_ASYM_CIPHER st_kat_asym_cipher_tests[] = {
-diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index 22d93ead53..c1405f47ea 100644
---- a/providers/implementations/signature/rsa_sig.c
-+++ b/providers/implementations/signature/rsa_sig.c
-@@ -686,6 +686,19 @@ static int rsa_verify_recover(void *vprsactx,
- {
- PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
- int ret;
-+# ifdef FIPS_MODULE
-+ size_t rsabits = RSA_bits(prsactx->rsa);
-+
-+ if (rsabits < 2048) {
-+ if (rsabits != 1024
-+ && rsabits != 1280
-+ && rsabits != 1536
-+ && rsabits != 1792) {
-+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+ }
-+# endif
-
- if (!ossl_prov_is_running())
- return 0;
-@@ -774,6 +787,19 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen,
- {
- PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
- size_t rslen;
-+# ifdef FIPS_MODULE
-+ size_t rsabits = RSA_bits(prsactx->rsa);
-+
-+ if (rsabits < 2048) {
-+ if (rsabits != 1024
-+ && rsabits != 1280
-+ && rsabits != 1536
-+ && rsabits != 1792) {
-+ ERR_raise(ERR_LIB_FIPS, PROV_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+ }
-+# endif
-
- if (!ossl_prov_is_running())
- return 0;
-diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c
-index 33c23efb0d..113c204716 100644
---- a/ssl/ssl_ciph.c
-+++ b/ssl/ssl_ciph.c
-@@ -356,6 +356,9 @@ int ssl_load_ciphers(SSL_CTX *ctx)
- ctx->disabled_mkey_mask = 0;
- ctx->disabled_auth_mask = 0;
-
-+ if (EVP_default_properties_is_fips_enabled(ctx->libctx))
-+ ctx->disabled_mkey_mask |= SSL_kRSA | SSL_kRSAPSK;
-+
- /*
- * We ignore any errors from the fetches below. They are expected to fail
- * if these algorithms are not available.
-diff --git a/test/acvp_test.c b/test/acvp_test.c
-index 45509095af..4a67519bb4 100644
---- a/test/acvp_test.c
-+++ b/test/acvp_test.c
-@@ -1478,6 +1478,7 @@ int setup_tests(void)
- OSSL_NELEM(dh_safe_prime_keyver_data));
- #endif /* OPENSSL_NO_DH */
-
-+#if 0 /* Red Hat FIPS provider doesn't have fips=yes property on DSA */
- #ifndef OPENSSL_NO_DSA
- ADD_ALL_TESTS(dsa_keygen_test, OSSL_NELEM(dsa_keygen_data));
- ADD_ALL_TESTS(dsa_paramgen_test, OSSL_NELEM(dsa_paramgen_data));
-@@ -1485,6 +1486,7 @@ int setup_tests(void)
- ADD_ALL_TESTS(dsa_siggen_test, OSSL_NELEM(dsa_siggen_data));
- ADD_ALL_TESTS(dsa_sigver_test, OSSL_NELEM(dsa_sigver_data));
- #endif /* OPENSSL_NO_DSA */
-+#endif
-
- #ifndef OPENSSL_NO_EC
- ADD_ALL_TESTS(ecdsa_keygen_test, OSSL_NELEM(ecdsa_keygen_data));
-diff --git a/test/endecode_test.c b/test/endecode_test.c
-index b53b7b715b..885e49a47c 100644
---- a/test/endecode_test.c
-+++ b/test/endecode_test.c
-@@ -1419,6 +1419,7 @@ int setup_tests(void)
- * so no legacy tests.
- */
- #endif
-+ if (is_fips == 0) {
- #ifndef OPENSSL_NO_DSA
- ADD_TEST_SUITE(DSA);
- ADD_TEST_SUITE_PARAMS(DSA);
-@@ -1429,6 +1430,7 @@ int setup_tests(void)
- ADD_TEST_SUITE_PROTECTED_PVK(DSA);
- # endif
- #endif
-+ }
- #ifndef OPENSSL_NO_EC
- ADD_TEST_SUITE(EC);
- ADD_TEST_SUITE_PARAMS(EC);
-@@ -1443,10 +1445,12 @@ int setup_tests(void)
- ADD_TEST_SUITE(SM2);
- }
- # endif
-+ if (is_fips == 0) {
- ADD_TEST_SUITE(ED25519);
- ADD_TEST_SUITE(ED448);
- ADD_TEST_SUITE(X25519);
- ADD_TEST_SUITE(X448);
-+ }
- /*
- * ED25519, ED448, X25519 and X448 have no support for
- * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
-diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
-index 2448c35a14..a7913cda4c 100644
---- a/test/evp_libctx_test.c
-+++ b/test/evp_libctx_test.c
-@@ -21,6 +21,7 @@
- */
- #include "internal/deprecated.h"
- #include <assert.h>
-+#include <string.h>
- #include <openssl/evp.h>
- #include <openssl/provider.h>
- #include <openssl/dsa.h>
-@@ -726,7 +727,9 @@ int setup_tests(void)
- return 0;
-
- #if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DH)
-- ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
-+ if (strcmp(prov_name, "fips") != 0) {
-+ ADD_ALL_TESTS(test_dsa_param_keygen, 3 * 3 * 3);
-+ }
- #endif
- #ifndef OPENSSL_NO_DH
- ADD_ALL_TESTS(test_dh_safeprime_param_keygen, 3 * 3 * 3);
-@@ -746,7 +749,9 @@ int setup_tests(void)
- ADD_TEST(kem_invalid_keytype);
- #endif
- #ifndef OPENSSL_NO_DES
-- ADD_TEST(test_cipher_tdes_randkey);
-+ if (strcmp(prov_name, "fips") != 0) {
-+ ADD_TEST(test_cipher_tdes_randkey);
-+ }
- #endif
- return 1;
- }
-diff --git a/test/recipes/15-test_gendsa.t b/test/recipes/15-test_gendsa.t
-index 4bc460784b..93052eb3e7 100644
---- a/test/recipes/15-test_gendsa.t
-+++ b/test/recipes/15-test_gendsa.t
-@@ -24,7 +24,7 @@ use lib bldtop_dir('.');
- plan skip_all => "This test is unsupported in a no-dsa build"
- if disabled("dsa");
-
--my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+my $no_fips = 1;
-
- plan tests =>
- ($no_fips ? 0 : 2) # FIPS related tests
-diff --git a/test/recipes/20-test_cli_fips.t b/test/recipes/20-test_cli_fips.t
-index d4b4d4ca51..031814e8ff 100644
---- a/test/recipes/20-test_cli_fips.t
-+++ b/test/recipes/20-test_cli_fips.t
-@@ -278,8 +278,7 @@ SKIP: {
- }
-
- SKIP : {
-- skip "FIPS DSA tests because of no dsa in this build", 1
-- if disabled("dsa");
-+ skip "FIPS DSA tests because of no dsa in this build", 1;
-
- subtest DSA => sub {
- my $testtext_prefix = 'DSA';
-diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
-index eddca5c58e..36a192d041 100644
---- a/test/recipes/30-test_evp.t
-+++ b/test/recipes/30-test_evp.t
-@@ -46,10 +46,8 @@ my @files = qw(
- evpciph_aes_cts.txt
- evpciph_aes_wrap.txt
- evpciph_aes_stitched.txt
-- evpciph_des3_common.txt
- evpkdf_hkdf.txt
- evpkdf_kbkdf_counter.txt
-- evpkdf_kbkdf_kmac.txt
- evpkdf_pbkdf1.txt
- evpkdf_pbkdf2.txt
- evpkdf_ss.txt
-@@ -69,15 +67,6 @@ push @files, qw(
- evppkey_ffdhe.txt
- evppkey_dh.txt
- ) unless $no_dh;
--push @files, qw(
-- evpkdf_x942_des.txt
-- evpmac_cmac_des.txt
-- ) unless $no_des;
--push @files, qw(evppkey_dsa.txt) unless $no_dsa;
--push @files, qw(
-- evppkey_ecx.txt
-- evppkey_mismatch_ecx.txt
-- ) unless $no_ecx;
- push @files, qw(
- evppkey_ecc.txt
- evppkey_ecdh.txt
-@@ -97,6 +86,7 @@ my @defltfiles = qw(
- evpciph_cast5.txt
- evpciph_chacha.txt
- evpciph_des.txt
-+ evpciph_des3_common.txt
- evpciph_idea.txt
- evpciph_rc2.txt
- evpciph_rc4.txt
-@@ -121,13 +111,19 @@ my @defltfiles = qw(
- evpmd_whirlpool.txt
- evppbe_scrypt.txt
- evppbe_pkcs12.txt
-+ evpkdf_kbkdf_kmac.txt
- evppkey_kdf_scrypt.txt
- evppkey_kdf_tls1_prf.txt
- evppkey_rsa.txt
- );
-+push @defltfiles, qw(evppkey_dsa.txt) unless $no_dsa;
-+push @defltfiles, qw(evppkey_ecx.txt) unless $no_ec;
-+push @defltfiles, qw(
-+ evpkdf_x942_des.txt
-+ evpmac_cmac_des.txt
-+ ) unless $no_des;
- push @defltfiles, qw(evppkey_brainpool.txt) unless $no_ec;
- push @defltfiles, qw(evppkey_ecdsa_rfc6979.txt) unless $no_ec;
--push @defltfiles, qw(evppkey_dsa_rfc6979.txt) unless $no_dsa;
- push @defltfiles, qw(evppkey_sm2.txt) unless $no_sm2;
- push @defltfiles, qw(evpciph_aes_gcm_siv.txt) unless $no_siv;
- push @defltfiles, qw(evpciph_aes_siv.txt) unless $no_siv;
-diff --git a/test/recipes/30-test_evp_data/evpmac_common.txt b/test/recipes/30-test_evp_data/evpmac_common.txt
-index e47023aae6..96a8febeef 100644
---- a/test/recipes/30-test_evp_data/evpmac_common.txt
-+++ b/test/recipes/30-test_evp_data/evpmac_common.txt
-@@ -363,6 +363,7 @@ IV = 7AE8E2CA4EC500012E58495C
- Input = 68F2E77696CE7AE8E2CA4EC588E541002E58495C08000F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D0007
- Result = MAC_INIT_ERROR
-
-+Availablein = default
- Title = KMAC Tests (From NIST)
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
-@@ -373,12 +374,14 @@ Ctrl = xof:0
- OutputSize = 32
- BlockSize = 168
-
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 00010203
- Custom = "My Tagged Application"
- Output = 3B1FBA963CD8B0B59E8C1A6D71888B7143651AF8BA0A7070C0979E2811324AA5
-
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -386,6 +389,7 @@ Custom = "My Tagged Application"
- Output = 1F5B4E6CCA02209E0DCB5CA635B89A15E271ECC760071DFD805FAA38F9729230
- Ctrl = size:32
-
-+Availablein = default
- MAC = KMAC256
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 00010203
-@@ -394,12 +398,14 @@ Output = 20C570C31346F703C9AC36C61C03CB64C3970D0CFC787E9B79599D273A68D2F7F69D4CC
- OutputSize = 64
- BlockSize = 136
-
-+Availablein = default
- MAC = KMAC256
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
- Custom = ""
- Output = 75358CF39E41494E949707927CEE0AF20A3FF553904C86B08F21CC414BCFD691589D27CF5E15369CBBFF8B9A4C2EB17800855D0235FF635DA82533EC6B759B69
-
-+Availablein = default
- MAC = KMAC256
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -409,12 +415,14 @@ Ctrl = size:64
-
- Title = KMAC XOF Tests (From NIST)
-
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 00010203
- Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
- XOF = 1
-
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 00010203
-@@ -422,6 +430,7 @@ Custom = "My Tagged Application"
- Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
- XOF = 1
-
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -430,6 +439,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
- XOF = 1
- Ctrl = size:32
-
-+Availablein = default
- MAC = KMAC256
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 00010203
-@@ -437,6 +447,7 @@ Custom = "My Tagged Application"
- Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
- XOF = 1
-
-+Availablein = default
- MAC = KMAC256
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -444,6 +455,7 @@ Custom = ""
- Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
- XOF = 1
-
-+Availablein = default
- MAC = KMAC256
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -454,6 +466,7 @@ XOF = 1
-
- Title = KMAC long customisation string (from NIST ACVP)
-
-+Availablein = default
- MAC = KMAC256
- Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
- Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
-@@ -464,12 +477,14 @@ XOF = 1
-
- Title = KMAC XOF Tests via ctrl (From NIST)
-
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 00010203
- Output = CD83740BBD92CCC8CF032B1481A0F4460E7CA9DD12B08A0C4031178BACD6EC35
- Ctrl = xof:1
-
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 00010203
-@@ -477,6 +492,7 @@ Custom = "My Tagged Application"
- Output = 31A44527B4ED9F5C6101D11DE6D26F0620AA5C341DEF41299657FE9DF1A3B16C
- Ctrl = xof:1
-
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -485,6 +501,7 @@ Output = 47026C7CD793084AA0283C253EF658490C0DB61438B8326FE9BDDF281B83AE0F
- Ctrl = xof:1
- Ctrl = size:32
-
-+Availablein = default
- MAC = KMAC256
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 00010203
-@@ -492,6 +509,7 @@ Custom = "My Tagged Application"
- Output = 1755133F1534752AAD0748F2C706FB5C784512CAB835CD15676B16C0C6647FA96FAA7AF634A0BF8FF6DF39374FA00FAD9A39E322A7C92065A64EB1FB0801EB2B
- Ctrl = xof:1
-
-+Availablein = default
- MAC = KMAC256
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -499,6 +517,7 @@ Custom = ""
- Output = FF7B171F1E8A2B24683EED37830EE797538BA8DC563F6DA1E667391A75EDC02CA633079F81CE12A25F45615EC89972031D18337331D24CEB8F8CA8E6A19FD98B
- Ctrl = xof:1
-
-+Availablein = default
- MAC = KMAC256
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -509,6 +528,7 @@ Ctrl = xof:1
-
- Title = KMAC long customisation string via ctrl (from NIST ACVP)
-
-+Availablein = default
- MAC = KMAC256
- Key = 9743DBF93102FAF11227B154B8ACD16CF142671F7AA16C559A393A38B4CEF461ED29A6A328D7379C99718790E38B54CA25E9E831CBEA463EE704D1689F94629AB795DF0C77F756DA743309C0E054596BA2D9CC1768ACF7CD351D9A7EB1ABD0A3
- Input = BA63AC9C711F143CCE7FF92D0322649D1BE437D805FD225C0A2879A008373EC3BCCDB09971FAD2BCE5F4347AF7E5238EF01A90ED34193D6AFC1D
-@@ -519,6 +539,7 @@ Ctrl = xof:1
-
- Title = KMAC long customisation string negative test
-
-+Availablein = default
- MAC = KMAC128
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-@@ -527,6 +548,7 @@ Result = MAC_INIT_ERROR
-
- Title = KMAC output is too large
-
-+Availablein = default
- MAC = KMAC256
- Key = 404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F
- Input = 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F808182838485868788898A8B8C8D8E8F909192939495969798999A9B9C9D9E9FA0A1A2A3A4A5A6A7A8A9AAABACADAEAFB0B1B2B3B4B5B6B7B8B9BABBBCBDBEBFC0C1C2C3C4C5C6C7
-diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 6a9792128b..4e368c730b 100644
---- a/test/recipes/80-test_cms.t
-+++ b/test/recipes/80-test_cms.t
-@@ -96,7 +96,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
-
-- [ "signed content DER format, DSA key",
-+ [ "signed content DER format, DSA key, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
-@@ -104,7 +104,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
-
-- [ "signed detached content DER format, DSA key",
-+ [ "signed detached content DER format, DSA key, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
-@@ -113,7 +113,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
-
-- [ "signed detached content DER format, add RSA signer (with DSA existing)",
-+ [ "signed detached content DER format, add RSA signer (with DSA existing), no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
- [ "{cmd1}", @prov, "-resign", "-in", "{output}.cms", "-inform", "DER", "-outform", "DER",
-@@ -124,7 +124,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
-
-- [ "signed content test streaming BER format, DSA key",
-+ [ "signed content test streaming BER format, DSA key, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-nodetach", "-stream",
- "-signer", catfile($smdir, "smdsa1.pem"), "-out", "{output}.cms" ],
-@@ -133,7 +133,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
-
-- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys",
-+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-nodetach", "-stream",
- "-signer", $smrsa1,
-@@ -146,7 +146,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
-
-- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
-+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-noattr", "-nodetach", "-stream",
- "-signer", $smrsa1,
-@@ -176,7 +176,7 @@ my @smime_pkcs7_tests = (
- \&zero_compare
- ],
-
-- [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
-+ [ "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-nodetach",
- "-signer", $smrsa1,
- "-signer", catfile($smdir, "smrsa2.pem"),
-@@ -188,7 +188,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
-
-- [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
-+ [ "signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont,
- "-signer", $smrsa1,
- "-signer", catfile($smdir, "smrsa2.pem"),
-@@ -250,7 +250,7 @@ my @smime_pkcs7_tests = (
-
- my @smime_cms_tests = (
-
-- [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
-+ [ "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
- "-nodetach", "-keyid",
- "-signer", $smrsa1,
-@@ -263,7 +263,7 @@ my @smime_cms_tests = (
- \&final_compare
- ],
-
-- [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
-+ [ "signed content test streaming PEM format, 2 DSA and 2 RSA keys, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "PEM", "-nodetach",
- "-signer", $smrsa1,
- "-signer", catfile($smdir, "smrsa2.pem"),
-@@ -373,7 +373,7 @@ my @smime_cms_tests = (
- \&final_compare
- ],
-
-- [ "encrypted content test streaming PEM format, triple DES key",
-+ [ "encrypted content test streaming PEM format, triple DES key, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
- "-des3", "-secretkey", "000102030405060708090A0B0C0D0E0F1011121314151617",
- "-stream", "-out", "{output}.cms" ],
-diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
-index 50b74a1e29..e2dcb68fb5 100644
---- a/test/recipes/80-test_ssl_old.t
-+++ b/test/recipes/80-test_ssl_old.t
-@@ -436,7 +436,7 @@ sub testssl {
- my @exkeys = ();
- my $ciphers = '-PSK:-SRP:@SECLEVEL=0';
-
-- if (!$no_dsa) {
-+ if (!$no_dsa && $provider ne "fips") {
- push @exkeys, "-s_cert", "certD.ss", "-s_key", $Dkey;
- }
-
---
-2.44.0
-
diff --git a/0046-FIPS-NO-PQ-ML-SLH-DSA.patch b/0046-FIPS-NO-PQ-ML-SLH-DSA.patch
new file mode 100644
index 0000000..fd94cc2
--- /dev/null
+++ b/0046-FIPS-NO-PQ-ML-SLH-DSA.patch
@@ -0,0 +1,33 @@
+From cb1473f833fd77bfc5a5f75c031e824f1fd30fcc Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Fri, 7 Mar 2025 18:24:36 -0500
+Subject: [PATCH 46/49] FIPS: NO PQ (ML/SLH-DSA)
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ providers/fips/self_test_data.inc | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index cdba162674..136a580f25 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -3039,6 +3039,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ #endif /* OPENSSL_NO_DSA */
+ #endif
+
++#if 0
+ #ifndef OPENSSL_NO_ML_DSA
+ {
+ OSSL_SELF_TEST_DESC_SIGN_ML_DSA,
+@@ -3083,6 +3084,7 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ slh_dsa_sig_params, slh_dsa_sig_params
+ },
+ #endif /* OPENSSL_NO_SLH_DSA */
++#endif
+ };
+
+ #if !defined(OPENSSL_NO_ML_DSA)
+--
+2.48.1
+
diff --git a/0047-FIPS-early-KATS.patch b/0047-FIPS-early-KATS.patch
deleted file mode 100644
index 6dffded..0000000
--- a/0047-FIPS-early-KATS.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From ba6e65e2f7e7fe8d9cd62e1e7e345bc41dda424f Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Thu, 19 Oct 2023 13:12:40 +0200
-Subject: [PATCH 21/46] 0047-FIPS-early-KATS.patch
-
-Patch-name: 0047-FIPS-early-KATS.patch
-Patch-id: 47
-Patch-status: |
- # # Execute KATS before HMAC verification
-From-dist-git-commit: 5c67b5adc311af297f425c09e3e1ac7ca8483911
----
- providers/fips/self_test.c | 22 ++++++++++------------
- 1 file changed, 10 insertions(+), 12 deletions(-)
-
-diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
-index e3a629018a..3c09bd8638 100644
---- a/providers/fips/self_test.c
-+++ b/providers/fips/self_test.c
-@@ -401,6 +401,16 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
- if (ev == NULL)
- goto end;
-
-+ /*
-+ * Run the KAT's before HMAC verification according to FIPS-140-3 requirements
-+ */
-+ if (kats_already_passed == 0) {
-+ if (!SELF_TEST_kats(ev, st->libctx)) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
-+ goto end;
-+ }
-+ }
-+
- if (st->module_checksum_data == NULL) {
- module_checksum = fips_hmac_container;
- checksum_len = sizeof(fips_hmac_container);
-@@ -451,18 +461,6 @@ int SELF_TEST_post(SELF_TEST_POST_PARAMS *st, int on_demand_test)
- }
- }
-
-- /*
-- * Only runs the KAT's during installation OR on_demand().
-- * NOTE: If the installation option 'self_test_onload' is chosen then this
-- * path will always be run, since kats_already_passed will always be 0.
-- */
-- if (on_demand_test || kats_already_passed == 0) {
-- if (!SELF_TEST_kats(ev, st->libctx)) {
-- ERR_raise(ERR_LIB_PROV, PROV_R_SELF_TEST_KAT_FAILURE);
-- goto end;
-- }
-- }
--
- /* Verify that the RNG has been restored properly */
- rng = ossl_rand_get0_private_noncreating(st->libctx);
- if (rng != NULL)
---
-2.41.0
-
diff --git a/0047-Revert-FIPS-NO-ECX-Ed-X-25519-448.patch b/0047-Revert-FIPS-NO-ECX-Ed-X-25519-448.patch
new file mode 100644
index 0000000..0bad5b9
--- /dev/null
+++ b/0047-Revert-FIPS-NO-ECX-Ed-X-25519-448.patch
@@ -0,0 +1,86 @@
+From 555f55f890a49dcccf3871b4f0d3e55b991084a0 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Fri, 7 Mar 2025 18:26:02 -0500
+Subject: [PATCH 47/49] Revert "FIPS: NO ECX (Ed/X-25519/448)"
+
+This reverts commit 2344cdb3e019e98bc9a5059c3b74e44e7e22bfe8.
+---
+ providers/fips/fipsprov.c | 9 +++------
+ providers/fips/self_test_data.inc | 2 --
+ test/endecode_test.c | 2 --
+ 3 files changed, 3 insertions(+), 10 deletions(-)
+
+diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
+index bfe538b8de..00b7d1e2aa 100644
+--- a/providers/fips/fipsprov.c
++++ b/providers/fips/fipsprov.c
+@@ -421,8 +421,7 @@ static const OSSL_ALGORITHM fips_keyexch[] = {
+ #endif
+ #ifndef OPENSSL_NO_EC
+ { PROV_NAMES_ECDH, FIPS_DEFAULT_PROPERTIES, ossl_ecdh_keyexch_functions },
+-/* We don't certify Edwards curves in our FIPS provider */
+-# if 0 /* # ifndef OPENSSL_NO_ECX */
++# ifndef OPENSSL_NO_ECX
+ { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keyexch_functions },
+ { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keyexch_functions },
+ # endif
+@@ -471,8 +470,7 @@ static const OSSL_ALGORITHM fips_signature[] = {
+ { PROV_NAMES_RSA_SHA3_512, FIPS_DEFAULT_PROPERTIES,
+ ossl_rsa_sha3_512_signature_functions },
+ #ifndef OPENSSL_NO_EC
+-/* We don't certify Edwards curves in our FIPS provider */
+-# if 0 /* # ifndef OPENSSL_NO_ECX */
++# ifndef OPENSSL_NO_ECX
+ { PROV_NAMES_ED25519, FIPS_DEFAULT_PROPERTIES,
+ ossl_ed25519_signature_functions },
+ { PROV_NAMES_ED25519ph, FIPS_DEFAULT_PROPERTIES,
+@@ -577,8 +575,7 @@ static const OSSL_ALGORITHM fips_keymgmt[] = {
+ #ifndef OPENSSL_NO_EC
+ { PROV_NAMES_EC, FIPS_DEFAULT_PROPERTIES, ossl_ec_keymgmt_functions,
+ PROV_DESCS_EC },
+-/* We don't certify Edwards curves in our FIPS provider */
+-# if 0 /* # ifndef OPENSSL_NO_ECX */
++# ifndef OPENSSL_NO_ECX
+ { PROV_NAMES_X25519, FIPS_UNAPPROVED_PROPERTIES, ossl_x25519_keymgmt_functions,
+ PROV_DESCS_X25519 },
+ { PROV_NAMES_X448, FIPS_UNAPPROVED_PROPERTIES, ossl_x448_keymgmt_functions,
+diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
+index 136a580f25..9659f10613 100644
+--- a/providers/fips/self_test_data.inc
++++ b/providers/fips/self_test_data.inc
+@@ -3003,7 +3003,6 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ ITM(ecdsa_bin_expected_sig)
+ },
+ # endif
+-# if 0
+ # ifndef OPENSSL_NO_ECX
+ {
+ OSSL_SELF_TEST_DESC_SIGN_EDDSA,
+@@ -3022,7 +3021,6 @@ static const ST_KAT_SIGN st_kat_sign_tests[] = {
+ ITM(ed25519_expected_sig),
+ },
+ # endif /* OPENSSL_NO_ECX */
+-# endif
+ #endif /* OPENSSL_NO_EC */
+ #if 0
+ #ifndef OPENSSL_NO_DSA
+diff --git a/test/endecode_test.c b/test/endecode_test.c
+index 3deb6f55c6..dfd5e92f7e 100644
+--- a/test/endecode_test.c
++++ b/test/endecode_test.c
+@@ -1571,12 +1571,10 @@ int setup_tests(void)
+ # endif
+ #endif
+ #ifndef OPENSSL_NO_ECX
+- if (is_fips == 0) {
+ ADD_TEST_SUITE(ED25519);
+ ADD_TEST_SUITE(ED448);
+ ADD_TEST_SUITE(X25519);
+ ADD_TEST_SUITE(X448);
+- }
+ /*
+ * ED25519, ED448, X25519 and X448 have no support for
+ * PEM_write_bio_PrivateKey_traditional(), so no legacy tests.
+--
+2.48.1
+
diff --git a/0048-FIPS-Fix-some-tests-due-to-our-versioning-change.patch b/0048-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
new file mode 100644
index 0000000..0799953
--- /dev/null
+++ b/0048-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
@@ -0,0 +1,106 @@
+From 0a02c2942b14256b11315a42564d87848e107b47 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Mon, 10 Mar 2025 13:52:50 -0400
+Subject: [PATCH 48/49] FIPS: Fix some tests due to our versioning change
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ test/ssl-tests/13-fragmentation.cnf.in | 4 ++--
+ test/ssl-tests/17-renegotiate.cnf.in | 4 ++--
+ test/ssl-tests/18-dtls-renegotiate.cnf.in | 2 +-
+ test/ssl-tests/19-mac-then-encrypt.cnf.in | 2 +-
+ test/ssl-tests/20-cert-select.cnf.in | 6 +++---
+ 5 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/test/ssl-tests/13-fragmentation.cnf.in b/test/ssl-tests/13-fragmentation.cnf.in
+index 318fd65960..87ec08ee5b 100644
+--- a/test/ssl-tests/13-fragmentation.cnf.in
++++ b/test/ssl-tests/13-fragmentation.cnf.in
+@@ -14,7 +14,7 @@ use warnings;
+
+ package ssltests;
+
+-our $fips_3_4;
++our $fips_mode;
+
+ our @tests = (
+ # Default fragment size is 512.
+@@ -273,4 +273,4 @@ my @tests_rsa = (
+ );
+
+ push @tests, @tests_rsa
+- unless $fips_3_4;
++ unless $fips_mode;
+diff --git a/test/ssl-tests/17-renegotiate.cnf.in b/test/ssl-tests/17-renegotiate.cnf.in
+index 2812e4c38b..9cbd972eba 100644
+--- a/test/ssl-tests/17-renegotiate.cnf.in
++++ b/test/ssl-tests/17-renegotiate.cnf.in
+@@ -15,7 +15,7 @@ use warnings;
+ package ssltests;
+ use OpenSSL::Test::Utils;
+
+-our $fips_3_4;
++our $fips_mode;
+
+ our @tests = (
+ {
+@@ -318,5 +318,5 @@ our @tests_tls1_2 = (
+ }
+ );
+
+-push @tests, @tests_tls1_2_rsa unless disabled("tls1_2") or $fips_3_4;
++push @tests, @tests_tls1_2_rsa unless disabled("tls1_2") or $fips_mode;
+ push @tests, @tests_tls1_2 unless disabled("tls1_2");
+diff --git a/test/ssl-tests/18-dtls-renegotiate.cnf.in b/test/ssl-tests/18-dtls-renegotiate.cnf.in
+index 8996849a2c..415dc2978d 100644
+--- a/test/ssl-tests/18-dtls-renegotiate.cnf.in
++++ b/test/ssl-tests/18-dtls-renegotiate.cnf.in
+@@ -133,7 +133,7 @@ foreach my $sctp ("No", "Yes")
+ );
+ push @tests, @tests_basic;
+
+- next if disabled("dtls1_2") || $fips_3_4;
++ next if disabled("dtls1_2") || $fips_mode;
+ our @tests_dtls1_2 = (
+ {
+ name => "renegotiate-aead-to-non-aead".$suffix,
+diff --git a/test/ssl-tests/19-mac-then-encrypt.cnf.in b/test/ssl-tests/19-mac-then-encrypt.cnf.in
+index 32bcec4be4..2f8a123c20 100644
+--- a/test/ssl-tests/19-mac-then-encrypt.cnf.in
++++ b/test/ssl-tests/19-mac-then-encrypt.cnf.in
+@@ -17,7 +17,7 @@ our $fips_mode;
+ our $fips_3_4;
+
+ # Nothing to test with newer fips providers
+-return if $fips_3_4;
++return if $fips_mode;
+
+ our @tests = (
+ {
+diff --git a/test/ssl-tests/20-cert-select.cnf.in b/test/ssl-tests/20-cert-select.cnf.in
+index af47842fd8..21c75033e8 100644
+--- a/test/ssl-tests/20-cert-select.cnf.in
++++ b/test/ssl-tests/20-cert-select.cnf.in
+@@ -266,7 +266,7 @@ our @tests = (
+ },
+ test => {
+ "ExpectedServerCertType" =>, "RSA",
+- "ExpectedResult" => $fips_3_4 ? "ClientFail" : "Success"
++ "ExpectedResult" => $fips_mode ? "ClientFail" : "Success"
+ },
+ },
+ {
+@@ -1005,8 +1005,8 @@ my @tests_dsa_tls_1_3 = (
+ );
+
+ if (!disabled("dsa")) {
+- push @tests, @tests_dsa_tls_1_2 unless disabled("dh") || $fips_3_4;
+- push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3");
++ push @tests, @tests_dsa_tls_1_2 unless disabled("dh") || $fips_mode;
++ push @tests, @tests_dsa_tls_1_3 unless disabled("tls1_3") || $fips_mode;
+ }
+
+ my @tests_mldsa_tls_1_3 = (
+--
+2.48.1
+
diff --git a/0049-Allow-disabling-of-SHA1-signatures.patch b/0049-Allow-disabling-of-SHA1-signatures.patch
deleted file mode 100644
index c5774c2..0000000
--- a/0049-Allow-disabling-of-SHA1-signatures.patch
+++ /dev/null
@@ -1,511 +0,0 @@
-From 4f9167db05cade673f98f1a00efd57136e97b460 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 22/49] 0049-Allow-disabling-of-SHA1-signatures.patch
-
-Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch
-Patch-id: 49
-Patch-status: |
- # # Selectively disallow SHA1 signatures rhbz#2070977
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- crypto/context.c | 14 ++++
- crypto/evp/evp_cnf.c | 13 +++
- crypto/evp/m_sigver.c | 79 +++++++++++++++++++
- crypto/evp/pmeth_lib.c | 15 ++++
- doc/man5/config.pod | 13 +++
- include/crypto/context.h | 3 +
- include/internal/cryptlib.h | 3 +-
- include/internal/sslconf.h | 4 +
- providers/common/securitycheck.c | 20 +++++
- providers/common/securitycheck_default.c | 9 ++-
- providers/implementations/signature/dsa_sig.c | 11 ++-
- .../implementations/signature/ecdsa_sig.c | 4 +
- providers/implementations/signature/rsa_sig.c | 20 ++++-
- ssl/t1_lib.c | 8 ++
- util/libcrypto.num | 2 +
- 15 files changed, 209 insertions(+), 9 deletions(-)
-
-diff --git a/crypto/context.c b/crypto/context.c
-index fb4816d89b..c04920fe14 100644
---- a/crypto/context.c
-+++ b/crypto/context.c
-@@ -83,6 +83,8 @@ struct ossl_lib_ctx_st {
- void *fips_prov;
- #endif
-
-+ void *legacy_digest_signatures;
-+
- unsigned int ischild:1;
- };
-
-@@ -223,6 +225,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
- goto err;
- #endif
-
-+ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx);
-+ if (ctx->legacy_digest_signatures == NULL)
-+ goto err;
-+
- /* Low priority. */
- #ifndef FIPS_MODULE
- ctx->child_provider = ossl_child_prov_ctx_new(ctx);
-@@ -366,6 +372,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
- }
- #endif
-
-+ if (ctx->legacy_digest_signatures != NULL) {
-+ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures);
-+ ctx->legacy_digest_signatures = NULL;
-+ }
-+
- /* Low priority. */
- #ifndef FIPS_MODULE
- if (ctx->child_provider != NULL) {
-@@ -663,6 +674,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
- return ctx->fips_prov;
- #endif
-
-+ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX:
-+ return ctx->legacy_digest_signatures;
-+
- default:
- return NULL;
- }
-diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
-index 0e7fe64cf9..b9d3b6d226 100644
---- a/crypto/evp/evp_cnf.c
-+++ b/crypto/evp/evp_cnf.c
-@@ -10,6 +10,7 @@
- #include <stdio.h>
- #include <openssl/crypto.h>
- #include "internal/cryptlib.h"
-+#include "internal/sslconf.h"
- #include <openssl/conf.h>
- #include <openssl/x509.h>
- #include <openssl/x509v3.h>
-@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
- ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
- return 0;
- }
-+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
-+ int m;
-+
-+ /* Detailed error already reported. */
-+ if (!X509V3_get_value_bool(oval, &m))
-+ return 0;
-+
-+ if (!ossl_ctx_legacy_digest_signatures_allowed_set(
-+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
-+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
-+ return 0;
-+ }
- } else {
- ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
- "name=%s, value=%s", oval->name, oval->value);
-diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index 3a979f4bd4..fd3a4b79df 100644
---- a/crypto/evp/m_sigver.c
-+++ b/crypto/evp/m_sigver.c
-@@ -15,6 +15,73 @@
- #include "internal/provider.h"
- #include "internal/numbers.h" /* includes SIZE_MAX */
- #include "evp_local.h"
-+#include "crypto/context.h"
-+
-+typedef struct ossl_legacy_digest_signatures_st {
-+ int allowed;
-+} OSSL_LEGACY_DIGEST_SIGNATURES;
-+
-+void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
-+{
-+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
-+
-+ if (ldsigs != NULL) {
-+ OPENSSL_free(ldsigs);
-+ }
-+}
-+
-+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
-+{
-+ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
-+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
-+ * because the default on Fedora is to allow SHA-1 and support disabling
-+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
-+ ldsigs->allowed = 1;
-+ return ldsigs;
-+}
-+
-+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
-+ OSSL_LIB_CTX *libctx, int loadconfig)
-+{
-+#ifndef FIPS_MODULE
-+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
-+ return NULL;
-+#endif
-+
-+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX);
-+}
-+
-+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
-+{
-+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
-+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
-+
-+ #ifndef FIPS_MODULE
-+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
-+ /* used in tests */
-+ return 1;
-+ #endif
-+
-+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
-+ * because the default on Fedora is to allow SHA-1 and support disabling
-+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
-+ return ldsigs != NULL ? ldsigs->allowed : 1;
-+}
-+
-+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
-+ int loadconfig)
-+{
-+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
-+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
-+
-+ if (ldsigs == NULL) {
-+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+
-+ ldsigs->allowed = allow;
-+ return 1;
-+}
-
- #ifndef FIPS_MODULE
-
-@@ -253,6 +320,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- }
- }
-
-+ if (ctx->reqdigest != NULL
-+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
-+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
-+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
-+ int mdnid = EVP_MD_nid(ctx->reqdigest);
-+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
-+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
-+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
-+ goto err;
-+ }
-+ }
-+
- if (ver) {
- if (signature->digest_verify_init == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index 268b1617e3..248f655d0f 100644
---- a/crypto/evp/pmeth_lib.c
-+++ b/crypto/evp/pmeth_lib.c
-@@ -33,6 +33,7 @@
- #include "internal/ffc.h"
- #include "internal/numbers.h"
- #include "internal/provider.h"
-+#include "internal/sslconf.h"
- #include "evp_local.h"
-
- #ifndef FIPS_MODULE
-@@ -951,6 +952,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
- return -2;
- }
-
-+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
-+ && md != NULL
-+ && ctx->pkey != NULL
-+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
-+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
-+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
-+ int mdnid = EVP_MD_nid(md);
-+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
-+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
-+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
-+ return -1;
-+ }
-+ }
-+
- if (fallback)
- return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
-
-diff --git a/doc/man5/config.pod b/doc/man5/config.pod
-index bd05736220..ed34ff4b9c 100644
---- a/doc/man5/config.pod
-+++ b/doc/man5/config.pod
-@@ -304,6 +304,19 @@ Within the algorithm properties section, the following names have meaning:
- The value may be anything that is acceptable as a property query
- string for EVP_set_default_properties().
-
-+=item B<rh-allow-sha1-signatures>
-+
-+The value is a boolean that can be B<yes> or B<no>. If the value is not set,
-+it behaves as if it was set to B<yes>.
-+
-+When set to B<no>, any attempt to create or verify a signature with a SHA1
-+digest will fail. To test whether your software will work with future versions
-+of OpenSSL, set this option to B<no>. This setting also affects TLS, where
-+signature algorithms that use SHA1 as digest will no longer be supported if
-+this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as
-+pseudorandom function (PRF) to derive key material, disabling
-+B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
-+
- =item B<fips_mode> (deprecated)
-
- The value is a boolean that can be B<yes> or B<no>. If the value is
-diff --git a/include/crypto/context.h b/include/crypto/context.h
-index 7369a730fb..55b74238c8 100644
---- a/include/crypto/context.h
-+++ b/include/crypto/context.h
-@@ -46,3 +46,6 @@ void ossl_release_default_drbg_ctx(void);
- #if defined(OPENSSL_THREADS)
- void ossl_threads_ctx_free(void *);
- #endif
-+
-+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
-+void ossl_ctx_legacy_digest_signatures_free(void *);
-diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
-index 64851fd8ed..8e01a77ddc 100644
---- a/include/internal/cryptlib.h
-+++ b/include/internal/cryptlib.h
-@@ -117,7 +117,8 @@ typedef struct ossl_ex_data_global_st {
- # define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
- # define OSSL_LIB_CTX_THREAD_INDEX 19
- # define OSSL_LIB_CTX_DECODER_CACHE_INDEX 20
--# define OSSL_LIB_CTX_MAX_INDEXES 20
-+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 21
-+# define OSSL_LIB_CTX_MAX_INDEXES 21
-
- OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
- int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
-diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
-index fd7f7e3331..05464b0655 100644
---- a/include/internal/sslconf.h
-+++ b/include/internal/sslconf.h
-@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
- void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
- char **arg);
-
-+/* Methods to support disabling all signatures with legacy digests */
-+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
-+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
-+ int loadconfig);
- #endif
-diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
-index 0d3acdbe56..fe694c4e96 100644
---- a/providers/common/securitycheck.c
-+++ b/providers/common/securitycheck.c
-@@ -19,6 +19,7 @@
- #include <openssl/core_names.h>
- #include <openssl/obj_mac.h>
- #include "prov/securitycheck.h"
-+#include "internal/sslconf.h"
-
- /*
- * FIPS requires a minimum security strength of 112 bits (for encryption or
-@@ -243,6 +244,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
- mdnid = -1; /* disallowed by security checks */
- }
- # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
-+
-+#ifndef FIPS_MODULE
-+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
-+ /* SHA1 is globally disabled, check whether we want to locally allow
-+ * it. */
-+ if (mdnid == NID_sha1 && !sha1_allowed)
-+ mdnid = -1;
-+#endif
-+
- return mdnid;
- }
-
-diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
-index 246323493e..2ca7a59f39 100644
---- a/providers/common/securitycheck_default.c
-+++ b/providers/common/securitycheck_default.c
-@@ -15,6 +15,7 @@
- #include <openssl/obj_mac.h>
- #include "prov/securitycheck.h"
- #include "internal/nelem.h"
-+#include "internal/sslconf.h"
-
- /* Disable the security checks in the default provider */
- int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
-@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
- }
-
- int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
-- ossl_unused int sha1_allowed)
-+ int sha1_allowed)
- {
- int mdnid;
-+ int ldsigs_allowed;
-
- static const OSSL_ITEM name_to_nid[] = {
- { NID_md5, OSSL_DIGEST_NAME_MD5 },
-@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
- { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
- };
-
-- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
-+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
-+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
- if (mdnid == NID_undef)
- mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
-+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
-+ mdnid = -1;
- return mdnid;
- }
-diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
-index b89a0f6836..e0c26a13e4 100644
---- a/providers/implementations/signature/dsa_sig.c
-+++ b/providers/implementations/signature/dsa_sig.c
-@@ -125,12 +125,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
- mdprops = ctx->propq;
-
- if (mdname != NULL) {
-- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
- WPACKET pkt;
- EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
-- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
-- sha1_allowed);
-+ int md_nid;
- size_t mdname_len = strlen(mdname);
-+#ifdef FIPS_MODULE
-+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
-+#else
-+ int sha1_allowed = 0;
-+#endif
-+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
-+ sha1_allowed);
-
- if (md == NULL || md_nid < 0) {
- if (md == NULL)
-diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
-index f158105e71..62355b89fe 100644
---- a/providers/implementations/signature/ecdsa_sig.c
-+++ b/providers/implementations/signature/ecdsa_sig.c
-@@ -247,7 +247,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
- "%s could not be fetched", mdname);
- return 0;
- }
-+#ifdef FIPS_MODULE
- sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
-+#else
-+ sha1_allowed = 0;
-+#endif
- md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
- sha1_allowed);
- if (md_nid < 0) {
-diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index c1405f47ea..aeda1a7758 100644
---- a/providers/implementations/signature/rsa_sig.c
-+++ b/providers/implementations/signature/rsa_sig.c
-@@ -25,6 +25,7 @@
- #include "internal/cryptlib.h"
- #include "internal/nelem.h"
- #include "internal/sizes.h"
-+#include "internal/sslconf.h"
- #include "crypto/rsa.h"
- #include "prov/providercommon.h"
- #include "prov/implementations.h"
-@@ -33,6 +34,7 @@
- #include "prov/securitycheck.h"
-
- #define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
-+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
-
- OSSL_FUNC_signature_newctx_fn rsa_newctx;
- static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
-@@ -301,10 +303,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
-
- if (mdname != NULL) {
- EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
-+ int md_nid;
-+ size_t mdname_len = strlen(mdname);
-+#ifdef FIPS_MODULE
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
-- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
-+#else
-+ int sha1_allowed = 0;
-+#endif
-+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
- sha1_allowed);
-- size_t mdname_len = strlen(mdname);
-
- if (md == NULL
- || md_nid <= 0
-@@ -1392,8 +1399,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
- prsactx->pad_mode = pad_mode;
-
- if (prsactx->md == NULL && pmdname == NULL
-- && pad_mode == RSA_PKCS1_PSS_PADDING)
-+ && pad_mode == RSA_PKCS1_PSS_PADDING) {
- pmdname = RSA_DEFAULT_DIGEST_NAME;
-+#ifndef FIPS_MODULE
-+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
-+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
-+ }
-+#endif
-+ }
-+
-
- if (pmgf1mdname != NULL
- && !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 631e1fdef9..05dd7c5595 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -20,6 +20,7 @@
- #include <openssl/bn.h>
- #include <openssl/provider.h>
- #include <openssl/param_build.h>
-+#include "internal/sslconf.h"
- #include "internal/nelem.h"
- #include "internal/sizes.h"
- #include "internal/tlsgroups.h"
-@@ -1506,6 +1507,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
- uint16_t *tls12_sigalgs_list = NULL;
- EVP_PKEY *tmpkey = EVP_PKEY_new();
- int ret = 0;
-+ int ldsigs_allowed;
-
- if (ctx == NULL)
- goto err;
-@@ -1521,6 +1523,7 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
- goto err;
-
- ERR_set_mark();
-+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
- /* First fill cache and tls12_sigalgs list from legacy algorithm list */
- for (i = 0, lu = sigalg_lookup_tbl;
- i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
-@@ -1542,6 +1545,11 @@ int ssl_setup_sigalgs(SSL_CTX *ctx)
- cache[i].enabled = 0;
- continue;
- }
-+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
-+ && !ldsigs_allowed) {
-+ cache[i].enabled = 0;
-+ continue;
-+ }
-
- if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
- cache[i].enabled = 0;
-diff --git a/util/libcrypto.num b/util/libcrypto.num
-index ef97803327..8046454025 100644
---- a/util/libcrypto.num
-+++ b/util/libcrypto.num
-@@ -5536,3 +5536,5 @@ X509_STORE_CTX_set_get_crl 5663 3_2_0 EXIST::FUNCTION:
- X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION:
- OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION:
- BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK
-+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
-+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
---
-2.44.0
-
diff --git a/0049-Current-Rebase-status.patch b/0049-Current-Rebase-status.patch
new file mode 100644
index 0000000..ce52d91
--- /dev/null
+++ b/0049-Current-Rebase-status.patch
@@ -0,0 +1,98 @@
+From 2d29d8aeecb7aa1bf9281fc0aa126a9a4dd9b1c3 Mon Sep 17 00:00:00 2001
+From: Simo Sorce <simo@redhat.com>
+Date: Wed, 12 Feb 2025 17:25:47 -0500
+Subject: [PATCH 49/49] Current Rebase status
+
+Signed-off-by: Simo Sorce <simo@redhat.com>
+---
+ REBASE.txt | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 77 insertions(+)
+
+diff --git a/REBASE.txt b/REBASE.txt
+index 2833a383c1..978d1b0988 100644
+--- a/REBASE.txt
++++ b/REBASE.txt
+@@ -8,3 +8,80 @@ if so we may need to resurrect deleted code in upstream patch:
+ fips: remove redundant RSA encrypt/decrypt KAT
+ --
+
++This does not apply cleanly and I can't figure out the original intent exactly
++to modify the existing code correctly.
++
++--
++0030-0075-FIPS-Use-FFDHE2048-in-self-test.patch.patch
++
++Unnecessary, upstream aleady change to use ffsh2048
++
++--
++0032-0077-FIPS-140-3-zeroization.patch.patch
++
++Unnecessary, but MUST define OPENSSL_PEDANTIC_ZEROIZATION to do the same
++
++--
++0048-Spec-cleanup.patch
++
++Not applied as I did not get in the initial patch that imports into packit
++--
++0049-0117-ignore-unknown-sigalgorithms-groups.patch.patch
++
++Unnecessary, already included in 3.5
++
++--
++0050-0118-no-crl-memleak.patch.patch
++
++Unnecessary, already included in 3.5
++
++--
++0051-0119-provider-sigalgs-in-signaturealgorithms-conf.pa.patch
++
++Unnecessary, already included in 3.5
++
++--
++
++Recheck
++======
++
++- Dropped: openssl speed - skip unavailable dgst
++
++- Dropped: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signa.patch
++
++
++Needed build/spec changes
++====================
++
++Add -DOPENSSL_PEDANTIC_ZEROIZATION to ./Configure line
++This is needed for zeroizations required for FIPS
++
++Add -DREDHAT_FIPS_VENDOR for the module name
++
++Drop 0025-for-tests.patch from dist-git
++We now use a separate config file for tests and for install
++Copy rh-openssl.cnf over the openssl default conf file in the install section.
++
++Testing
++=======
++./Configure \
++ --prefix=%{_prefix} --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
++ --system-ciphers-file=%{_sysconfdir}/crypto-policies/back-ends/opensslcnf.config \
++ zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
++ enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips -D_GNU_SOURCE\
++ no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++\
++ shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
++ -Wl,--allow-multiple-definition
++
++prefix=$HOME/tmp/openssl-rebase
++sysconfigdir=$prefix/etc
++fips="Rebase Testing"
++sslarch=linux-x86_64
++sslflags=enable-ec_nistp_64_gcc_128
++ktlsopt=enable-ktls
++
++Example Testing
++===============
++
++./Configure --prefix=$HOME/tmp/openssl-rebase --openssldir=$HOME/tmp/openssl-rebase/etc/pki/tls enable-ec_nistp_64_gcc_128 --system-ciphers-file=$HOME/tmp/openssl-rebase/etc/crypto-policies/back-ends/opensslcnf.config zlib enable-camellia enable-seed enable-rfc3779 enable-sctp enable-cms enable-md2 enable-rc5 enable-ktls enable-fips no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++ shared linux-x86_64 $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DOPENSSL_PEDANTIC_ZEROIZATION -DREDHAT_FIPS_VENDOR="\"Red Hat Enterprise Linux OpenSSL FIPS Provider\"" -DREDHAT_FIPS_VERSION="\"Rebase Testing\""' -Wl,--allow-multiple-definition
++
+--
+2.48.1
+
diff --git a/0050-RCU-ppc64.patch b/0050-RCU-ppc64.patch
new file mode 100644
index 0000000..24ae9db
--- /dev/null
+++ b/0050-RCU-ppc64.patch
@@ -0,0 +1,117 @@
+From 957aa0b999ee76c3f8cfcb3dbdc35778e92ca420 Mon Sep 17 00:00:00 2001
+From: Bernd Edlinger <bernd.edlinger@hotmail.de>
+Date: Sun, 9 Mar 2025 11:20:43 +0100
+Subject: [PATCH] Do some more cleanup in the RCU code
+
+Only a minimum of 2 qp's are necessary: one for the readers,
+and at least one that writers can wait on for retirement.
+There is no need for one additional qp that is always unused.
+Also only one ACQUIRE barrier is necessary in get_hold_current_qp,
+so the ATOMIC_LOAD of the reader_idx can be changed to RELAXED.
+And finally clarify some comments.
+this adds a dummy atomic release operation to update_qp, which
+should make sure that the new value of reader_idx is visible in
+get_hold_current_qp, directly after incrementing the users count.
+
+---
+ crypto/threads_pthread.c | 22 ++++++++++++++--------
+ crypto/threads_win.c | 8 +++-----
+ 2 files changed, 10 insertions(+), 13 deletions(-)
+
+diff --git a/crypto/threads_pthread.c b/crypto/threads_pthread.c
+index a075aec4a746b..5bee5f2c195f1 100644
+--- a/crypto/threads_pthread.c
++++ b/crypto/threads_pthread.c
+@@ -262,6 +262,8 @@ static struct rcu_qp *get_hold_current_qp(struct rcu_lock_st *lock)
+
+ /* get the current qp index */
+ for (;;) {
++ qp_idx = ATOMIC_LOAD_N(uint32_t, &lock->reader_idx, __ATOMIC_RELAXED);
++
+ /*
+ * Notes on use of __ATOMIC_ACQUIRE
+ * We need to ensure the following:
+@@ -272,10 +274,7 @@ static struct rcu_qp *get_hold_current_qp(struct rcu_lock_st *lock)
+ * of the lock is flushed from a local cpu cache so that we see any
+ * updates prior to the load. This is a non-issue on cache coherent
+ * systems like x86, but is relevant on other arches
+- * Note: This applies to the reload below as well
+ */
+- qp_idx = ATOMIC_LOAD_N(uint32_t, &lock->reader_idx, __ATOMIC_ACQUIRE);
+-
+ ATOMIC_ADD_FETCH(&lock->qp_group[qp_idx].users, (uint64_t)1,
+ __ATOMIC_ACQUIRE);
+
+@@ -408,6 +408,13 @@ static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock, uint32_t *curr_id)
+ ATOMIC_STORE_N(uint32_t, &lock->reader_idx, lock->current_alloc_idx,
+ __ATOMIC_RELAXED);
+
++ /*
++ * this should make sure that the new value of reader_idx is visible in
++ * get_hold_current_qp, directly after incrementing the users count
++ */
++ ATOMIC_ADD_FETCH(&lock->qp_group[current_idx].users, (uint64_t)0,
++ __ATOMIC_RELEASE);
++
+ /* wake up any waiters */
+ pthread_cond_signal(&lock->alloc_signal);
+ pthread_mutex_unlock(&lock->alloc_lock);
+@@ -471,6 +470,8 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock)
+ * prior __ATOMIC_RELEASE write operation in ossl_rcu_read_unlock
+ * is visible prior to our read
+ * however this is likely just necessary to silence a tsan warning
++ * because the read side should not do any write operation
++ * outside the atomic itself
+ */
+ do {
+ count = ATOMIC_LOAD_N(uint64_t, &qp->users, __ATOMIC_ACQUIRE);
+@@ -527,10 +528,10 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)
+ struct rcu_lock_st *new;
+
+ /*
+- * We need a minimum of 3 qp's
++ * We need a minimum of 2 qp's
+ */
+- if (num_writers < 3)
+- num_writers = 3;
++ if (num_writers < 2)
++ num_writers = 2;
+
+ ctx = ossl_lib_ctx_get_concrete(ctx);
+ if (ctx == NULL)
+@@ -546,8 +547,6 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)
+ pthread_mutex_init(&new->alloc_lock, NULL);
+ pthread_cond_init(&new->prior_signal, NULL);
+ pthread_cond_init(&new->alloc_signal, NULL);
+- /* By default our first writer is already alloced */
+- new->writers_alloced = 1;
+
+ new->qp_group = allocate_new_qp_group(new, num_writers);
+ if (new->qp_group == NULL) {
+diff --git a/crypto/threads_win.c b/crypto/threads_win.c
+index 5907ddd379f46..83e9a19de304a 100644
+--- a/crypto/threads_win.c
++++ b/crypto/threads_win.c
+@@ -141,10 +141,10 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)
+ struct rcu_lock_st *new;
+
+ /*
+- * We need a minimum of 3 qps
++ * We need a minimum of 2 qps
+ */
+- if (num_writers < 3)
+- num_writers = 3;
++ if (num_writers < 2)
++ num_writers = 2;
+
+ ctx = ossl_lib_ctx_get_concrete(ctx);
+ if (ctx == NULL)
+@@ -163,8 +163,6 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)
+ new->alloc_lock = ossl_crypto_mutex_new();
+ new->prior_lock = ossl_crypto_mutex_new();
+ new->qp_group = allocate_new_qp_group(new, num_writers);
+- /* By default the first qp is already alloced */
+- new->writers_alloced = 1;
+ if (new->qp_group == NULL
+ || new->alloc_signal == NULL
+ || new->prior_signal == NULL
diff --git a/0056-strcasecmp.patch b/0056-strcasecmp.patch
deleted file mode 100644
index 4dae62e..0000000
--- a/0056-strcasecmp.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-From 5f4614569d24ff4a98fd021efe5947cb54a6110a Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 8 Jul 2024 11:30:25 +0200
-Subject: [PATCH 23/50] 0056-strcasecmp.patch
-
-Patch-name: 0056-strcasecmp.patch
-Patch-id: 56
-Patch-status: |
- # Originally from https://github.com/openssl/openssl/pull/18103
- # As we rebased to 3.0.7 and used the version of the function
- # not matching the upstream one, we have to use aliasing.
- # When we eliminate this patch, the `-Wl,--allow-multiple-definition`
- # should also be removed
-From-dist-git-commit: e67e9d9c40cd2cb9547e539c658e2b63f2736762
----
- crypto/o_str.c | 14 ++++++++++++--
- test/recipes/01-test_symbol_presence.t | 1 +
- util/libcrypto.num | 2 ++
- 3 files changed, 15 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/o_str.c b/crypto/o_str.c
-index 065460336f..2ecf449b39 100644
---- a/crypto/o_str.c
-+++ b/crypto/o_str.c
-@@ -336,7 +336,12 @@ int openssl_strerror_r(int errnum, char *buf, size_t buflen)
- #endif
- }
-
--int OPENSSL_strcasecmp(const char *s1, const char *s2)
-+int
-+#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
-+__attribute__ ((symver ("OPENSSL_strcasecmp@@OPENSSL_3.0.3"),
-+ symver ("OPENSSL_strcasecmp@OPENSSL_3.0.1")))
-+#endif
-+OPENSSL_strcasecmp(const char *s1, const char *s2)
- {
- int t;
-
-@@ -346,7 +351,12 @@ int OPENSSL_strcasecmp(const char *s1, const char *s2)
- return t;
- }
-
--int OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
-+int
-+#if !defined(FIPS_MODULE) && !defined(OPENSSL_SYS_UEFI)
-+__attribute__ ((symver ("OPENSSL_strncasecmp@@OPENSSL_3.0.3"),
-+ symver ("OPENSSL_strncasecmp@OPENSSL_3.0.1")))
-+#endif
-+OPENSSL_strncasecmp(const char *s1, const char *s2, size_t n)
- {
- int t;
- size_t i;
-diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
-index 222b1886ae..84c76d29a1 100644
---- a/test/recipes/01-test_symbol_presence.t
-+++ b/test/recipes/01-test_symbol_presence.t
-@@ -131,6 +131,7 @@ foreach (sort keys %stlibname) {
- s| .*||;
- # Drop OpenSSL dynamic version information if there is any
- s|\@\@.+$||;
-+ s|\@.+$||;
- # Return the result
- $_
- }
-diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 8046454025..bb99b1e2a4 100644
---- a/util/libcrypto.num
-+++ b/util/libcrypto.num
-@@ -5536,5 +5536,7 @@ X509_STORE_CTX_set_get_crl 5663 3_2_0 EXIST::FUNCTION:
- X509_STORE_CTX_set_current_reasons 5664 3_2_0 EXIST::FUNCTION:
- OSSL_STORE_delete 5665 3_2_0 EXIST::FUNCTION:
- BIO_ADDR_copy 5666 3_2_0 EXIST::FUNCTION:SOCK
-+OPENSSL_strcasecmp ? 3_0_1 EXIST::FUNCTION:
-+OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
- ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
- ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
---
-2.41.0
-
diff --git a/0058-FIPS-limit-rsa-encrypt.patch b/0058-FIPS-limit-rsa-encrypt.patch
deleted file mode 100644
index c4f952b..0000000
--- a/0058-FIPS-limit-rsa-encrypt.patch
+++ /dev/null
@@ -1,949 +0,0 @@
-From 012e319b3d5b936a9208b1c75c13d9c4a2d0cc04 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 24/49] 0058-FIPS-limit-rsa-encrypt.patch
-
-Patch-name: 0058-FIPS-limit-rsa-encrypt.patch
-Patch-id: 58
-Patch-status: |
- # # https://bugzilla.redhat.com/show_bug.cgi?id=2053289
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- providers/common/securitycheck.c | 1 +
- .../implementations/asymciphers/rsa_enc.c | 35 +++++
- .../30-test_evp_data/evppkey_rsa_common.txt | 140 +++++++++++++-----
- test/recipes/80-test_cms.t | 5 +-
- test/recipes/80-test_ssl_old.t | 27 +++-
- 5 files changed, 168 insertions(+), 40 deletions(-)
-
-diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
-index fe694c4e96..f635b5aec8 100644
---- a/providers/common/securitycheck.c
-+++ b/providers/common/securitycheck.c
-@@ -27,6 +27,7 @@
- * Set protect = 1 for encryption or signing operations, or 0 otherwise. See
- * https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
- */
-+/* Red Hat build implements some extra limitations in providers/implementations/asymciphers/rsa_enc.c */
- int ossl_rsa_check_key(OSSL_LIB_CTX *ctx, const RSA *rsa, int operation)
- {
- int protect = 0;
-diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
-index 71bfa344d4..d548560f1f 100644
---- a/providers/implementations/asymciphers/rsa_enc.c
-+++ b/providers/implementations/asymciphers/rsa_enc.c
-@@ -135,6 +135,17 @@ static int rsa_decrypt_init(void *vprsactx, void *vrsa,
- return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT);
- }
-
-+# ifdef FIPS_MODULE
-+static int fips_padding_allowed(const PROV_RSA_CTX *prsactx)
-+{
-+ if (prsactx->pad_mode == RSA_PKCS1_PADDING || prsactx->pad_mode == RSA_NO_PADDING
-+ || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING)
-+ return 0;
-+
-+ return 1;
-+}
-+# endif
-+
- static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
- size_t outsize, const unsigned char *in, size_t inlen)
- {
-@@ -144,6 +155,18 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
- if (!ossl_prov_is_running())
- return 0;
-
-+# ifdef FIPS_MODULE
-+ if (fips_padding_allowed(prsactx) == 0) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
-+ return 0;
-+ }
-+
-+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+# endif
-+
- if (out == NULL) {
- size_t len = RSA_size(prsactx->rsa);
-
-@@ -206,6 +229,18 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
- if (!ossl_prov_is_running())
- return 0;
-
-+# ifdef FIPS_MODULE
-+ if (fips_padding_allowed(prsactx) == 0) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
-+ return 0;
-+ }
-+
-+ if (RSA_bits(prsactx->rsa) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
-+# endif
-+
- if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) {
- if (out == NULL) {
- *outlen = SSL_MAX_MASTER_KEY_LENGTH;
-diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
-index 76ddc1ec60..62d55308b0 100644
---- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
-+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
-@@ -248,13 +248,13 @@ Input = 64b0e9f9892371110c40ba5739dc0974002aa6e6160b481447c6819947c2d3b537a6e377
- Output = 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
-
- # RSA decrypt
--
-+Availablein = default
- Decrypt = RSA-2048
- Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C701ABF2D4CC67003471A187900B05AA812BD25ED05C675DFC8C97A24A7BF49BD6214992CAD766D05A9A2B57B74F26A737E0237B8B76C45F1F226A836D7CFBC75BA999BDBE48DBC09227AA46C88F21DCCBA7840141AD5A5D71FD122E6BD6AC3E564780DFE623FC1CA9B995A6037BF0BBD43B205A84AC5444F34202C05CE9113087176432476576DE6FFFF9A52EA57C08BE3EC2F49676CB8E12F762AC71FA3C321E00AC988910C85FF52F93825666CE0D40FFAA0592078919D4493F46D95CCF76364C6D57760DD0B64805F9AFC76A2365A5575CA301D5103F0EA76CB9A78
- Output = "Hello World"
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # Note: disable the Bleichenbacher workaround to see if it passes
- Decrypt = RSA-2048
- Ctrl = rsa_pkcs1_implicit_rejection:0
-@@ -262,7 +262,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70
- Output = "Hello World"
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # Corrupted ciphertext
- # Note: output is generated synthethically by the Bleichenbacher workaround
- Decrypt = RSA-2048
-@@ -270,7 +270,7 @@ Input = 550AF55A2904E7B9762352F8FB7FA235A9CB053AACB2D5FCB8CA48453CB2EE3619746C70
- Output = 4cbb988d6a46228379132b0b5f8c249b3860043848c93632fb982c807c7c82fffc7a9ef83f4908f890373ac181ffea6381e103bcaa27e65638b6ecebef38b59ed4226a9d12af675cfcb634d8c40e7a7aff
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # Corrupted ciphertext
- # Note: disable the Bleichenbacher workaround to see if it fails
- Decrypt = RSA-2048
-@@ -345,82 +345,90 @@ PrivPubKeyPair = RSA-2048-2:RSA-2048-2-PUBLIC
- # RSA decrypt
-
- # a random positive test case
-+Availablein = default
- Decrypt = RSA-2048-2
- Input = 8bfe264e85d3bdeaa6b8851b8e3b956ee3d226fd3f69063a86880173a273d9f283b2eebdd1ed35f7e02d91c571981b6737d5320bd8396b0f3ad5b019daec1b0aab3cbbc026395f4fd14f13673f2dfc81f9b660ec26ac381e6db3299b4e460b43fab9955df2b3cfaa20e900e19c856238fd371899c2bf2ce8c868b76754e5db3b036533fd603746be13c10d4e3e6022ebc905d20c2a7f32b215a4cd53b3f44ca1c327d2c2b651145821c08396c89071f665349c25e44d2733cd9305985ceef6430c3cf57af5fa224089221218fa34737c79c446d28a94c41c96e4e92ac53fbcf384dea8419ea089f8784445a492c812eb0d409467f75afd7d4d1078886205a066
- Output = "lorem ipsum dolor sit amet"
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # a random negative test case decrypting to empty
- Decrypt = RSA-2048-2
- Input = 20aaa8adbbc593a924ba1c5c7990b5c2242ae4b99d0fe636a19a4cf754edbcee774e472fe028160ed42634f8864900cb514006da642cae6ae8c7d087caebcfa6dad1551301e130344989a1d462d4164505f6393933450c67bc6d39d8f5160907cabc251b737925a1cf21e5c6aa5781b7769f6a2a583d97cce008c0f8b6add5f0b2bd80bee60237aa39bb20719fe75749f4bc4e42466ef5a861ae3a92395c7d858d430bfe38040f445ea93fa2958b503539800ffa5ce5f8cf51fa8171a91f36cb4f4575e8de6b4d3f096ee140b938fd2f50ee13f0d050222e2a72b0a3069ff3a6738e82c87090caa5aed4fcbe882c49646aa250b98f12f83c8d528113614a29e7
- Output =
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # invalid decrypting to max length message
- Decrypt = RSA-2048-2
- Input = 48cceab10f39a4db32f60074feea473cbcdb7accf92e150417f76b44756b190e843e79ec12aa85083a21f5437e7bad0a60482e601198f9d86923239c8786ee728285afd0937f7dde12717f28389843d7375912b07b991f4fdb0190fced8ba665314367e8c5f9d2981d0f5128feeb46cb50fc237e64438a86df198dd0209364ae3a842d77532b66b7ef263b83b1541ed671b120dfd660462e2107a4ee7b964e734a7bd68d90dda61770658a3c242948532da32648687e0318286473f675b412d6468f013f14d760a358dfcad3cda2afeec5e268a37d250c37f722f468a70dfd92d7294c3c1ee1e7f8843b7d16f9f37ef35748c3ae93aa155cdcdfeb4e78567303
- Output = 22d850137b9eebe092b24f602dc5bb7918c16bd89ddbf20467b119d205f9c2e4bd7d2592cf1e532106e0f33557565923c73a02d4f09c0c22bea89148183e60317f7028b3aa1f261f91c979393101d7e15f4067e63979b32751658ef769610fe97cf9cef3278b3117d384051c3b1d82c251c2305418c8f6840530e631aad63e70e20e025bcd8efb54c92ec6d3b106a2f8e64eeff7d38495b0fc50c97138af4b1c0a67a1c4e27b077b8439332edfa8608dfeae653cd6a628ac550395f7e74390e42c11682234870925eeaa1fa71b76cf1f2ee3bda69f6717033ff8b7c95c9799e7a3bea5e7e4a1c359772fb6b1c6e6c516661dfe30c3
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
- # invalid decrypting to message with length specified by second to last value from PRF
-+Availablein = default
- Decrypt = RSA-2048-2
- Input = 1439e08c3f84c1a7fec74ce07614b20e01f6fa4e8c2a6cffdc3520d8889e5d9a950c6425798f85d4be38d300ea5695f13ecd4cb389d1ff5b82484b494d6280ab7fa78e645933981cb934cce8bfcd114cc0e6811eefa47aae20af638a1cd163d2d3366186d0a07df0c81f6c9f3171cf3561472e98a6006bf75ddb457bed036dcce199369de7d94ef2c68e8467ee0604eea2b3009479162a7891ba5c40cab17f49e1c438cb6eaea4f76ce23cce0e483ff0e96fa790ea15be67671814342d0a23f4a20262b6182e72f3a67cd289711503c85516a9ed225422f98b116f1ab080a80abd6f0216df88d8cfd67c139243be8dd78502a7aaf6bc99d7da71bcdf627e7354
- Output = 0f9b
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # invalid decrypting to message with length specified by third to last value from PRF
- Decrypt = RSA-2048-2
- Input = 1690ebcceece2ce024f382e467cf8510e74514120937978576caf684d4a02ad569e8d76cbe365a060e00779de2f0865ccf0d923de3b4783a4e2c74f422e2f326086c390b658ba47f31ab013aa80f468c71256e5fa5679b24e83cd82c3d1e05e398208155de2212993cd2b8bab6987cf4cc1293f19909219439d74127545e9ed8a706961b8ee2119f6bfacafbef91b75a789ba65b8b833bc6149cf49b5c4d2c6359f62808659ba6541e1cd24bf7f7410486b5103f6c0ea29334ea6f4975b17387474fe920710ea61568d7b7c0a7916acf21665ad5a31c4eabcde44f8fb6120d8457afa1f3c85d517cda364af620113ae5a3c52a048821731922737307f77a1081
- Output = 4f02
-
- # positive test with 11 byte long value
-+Availablein = default
- Decrypt = RSA-2048-2
- Input = 6213634593332c485cef783ea2846e3d6e8b0e005cd8293eaebbaa5079712fd681579bdfbbda138ae4d9d952917a03c92398ec0cb2bb0c6b5a8d55061fed0d0d8d72473563152648cfe640b335dc95331c21cb133a91790fa93ae44497c128708970d2beeb77e8721b061b1c44034143734a77be8220877415a6dba073c3871605380542a9f25252a4babe8331cdd53cf828423f3cc70b560624d0581fb126b2ed4f4ed358f0eb8065cf176399ac1a846a31055f9ae8c9c24a1ba050bc20842125bc1753158f8065f3adb9cc16bfdf83816bdf38b624f12022c5a6fbfe29bc91542be8c0208a770bcd677dc597f5557dc2ce28a11bf3e3857f158717a33f6592
- Output = "lorem ipsum"
-
- # positive test with 11 byte long value and zero padded ciphertext
-+Availablein = default
- Decrypt = RSA-2048-2
- Input = 00a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b
- Output = "lorem ipsum"
-
- # positive test with 11 byte long value and zero truncated ciphertext
-+Availablein = default
- Decrypt = RSA-2048-2
- Input = a2e8f114ea8d05d12dc843e3cc3b2edc8229ff2a028bda29ba9d55e3cd02911902fef1f42a075bf05e8016e8567213d6f260fa49e360779dd81aeea3e04c2cb567e0d72b98bf754014561b7511e083d20e0bfb9cd23f8a0d3c88900c49d2fcd5843ff0765607b2026f28202a87aa94678aed22a0c20724541394cd8f44e373eba1d2bae98f516c1e2ba3d86852d064f856b1daf24795e767a2b90396e50743e3150664afab131fe40ea405dcf572dd1079af1d3f0392ccadcca0a12740dbb213b925ca2a06b1bc1383e83a658c82ba2e7427342379084d5f66b544579f07664cb26edd4f10fd913fdbc0de05ef887d4d1ec1ac95652397ea7fd4e4759fda8b
- Output = "lorem ipsum"
-
- # positive test with 11 byte long value and double zero padded ciphertext
-+Availablein = default
- Decrypt = RSA-2048-2
- Input = 00001f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc
- Output = "lorem ipsum"
-
- # positive test with 11 byte long value and double zero truncated ciphertext
-+Availablein = default
- Decrypt = RSA-2048-2
- Input = 1f71879b426127f7dead621f7380a7098cf7d22173aa27991b143c46d53383c209bd0c9c00d84078037e715f6b98c65005a77120070522ede51d472c87ef94b94ead4c5428ee108a345561658301911ec5a8f7dd43ed4a3957fd29fb02a3529bf63f8040d3953490939bd8f78b2a3404b6fb5ff70a4bfdaac5c541d6bcce49c9778cc390be24cbef1d1eca7e870457241d3ff72ca44f9f56bdf31a890fa5eb3a9107b603ccc9d06a5dd911a664c82b6abd4fe036f8db8d5a070c2d86386ae18d97adc1847640c211d91ff5c3387574a26f8ef27ca7f48d2dd1f0c7f14b81cc9d33ee6853031d3ecf10a914ffd90947909c8011fd30249219348ebff76bfc
- Output = "lorem ipsum"
-
- # positive that generates a 0 byte long synthetic message internally
-+Availablein = default
- Decrypt = RSA-2048-2
- Input = b5e49308f6e9590014ffaffc5b8560755739dd501f1d4e9227a7d291408cf4b753f292322ff8bead613bf2caa181b221bc38caf6392deafb28eb21ad60930841ed02fd6225cc9c463409adbe7d8f32440212fbe3881c51375bb09565efb22e62b071472fb38676e5b4e23a0617db5d14d93519ac0007a30a9c822eb31c38b57fcb1be29608fcf1ca2abdcaf5d5752bbc2b5ac7dba5afcff4a5641da360dd01f7112539b1ed46cdb550a3b1006559b9fe1891030ec80f0727c42401ddd6cbb5e3c80f312df6ec89394c5a7118f573105e7ab00fe57833c126141b50a935224842addfb479f75160659ba28877b512bb9a93084ad8bec540f92640f63a11a010e0
- Output = "lorem ipsum"
-
- # positive that generates a 245 byte long synthetic message internally
-+Availablein = default
- Decrypt = RSA-2048-2
- Input = 1ea0b50ca65203d0a09280d39704b24fe6e47800189db5033f202761a78bafb270c5e25abd1f7ecc6e7abc4f26d1b0cd9b8c648d529416ee64ccbdd7aa72a771d0353262b543f0e436076f40a1095f5c7dfd10dcf0059ccb30e92dfa5e0156618215f1c3ff3aa997a9d999e506924f5289e3ac72e5e2086cc7b499d71583ed561028671155db4005bee01800a7cdbdae781dd32199b8914b5d4011dd6ff11cd26d46aad54934d293b0bc403dd211bf13b5a5c6836a5e769930f437ffd8634fb7371776f4bc88fa6c271d8aa6013df89ae6470154497c4ac861be2a1c65ebffec139bf7aaba3a81c7c5cdd84da9af5d3edfb957848074686b5837ecbcb6a41c50
- Output = "lorem ipsum"
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # a random negative test that generates an 11 byte long message
- Decrypt = RSA-2048-2
- Input = 5f02f4b1f46935c742ebe62b6f05aa0a3286aab91a49b34780adde6410ab46f7386e05748331864ac98e1da63686e4babe3a19ed40a7f5ceefb89179596aab07ab1015e03b8f825084dab028b6731288f2e511a4b314b6ea3997d2e8fe2825cef8897cbbdfb6c939d441d6e04948414bb69e682927ef8576c9a7090d4aad0e74c520d6d5ce63a154720f00b76de8cc550b1aa14f016d63a7b6d6eaa1f7dbe9e50200d3159b3d099c900116bf4eba3b94204f18b1317b07529751abf64a26b0a0bf1c8ce757333b3d673211b67cc0653f2fe2620d57c8b6ee574a0323a167eab1106d9bc7fd90d415be5f1e9891a0e6c709f4fc0404e8226f8477b4e939b36eb2
- Output = af9ac70191c92413cb9f2d
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an otherwise correct plaintext, but with wrong first byte
- # (0x01 instead of 0x00), generates a random 11 byte long plaintext
- Decrypt = RSA-2048-2
-@@ -428,7 +436,7 @@ Input = 9b2ec9c0c917c98f1ad3d0119aec6be51ae3106e9af1914d48600ab6a2c0c0c8ae02a2dc
- Output = a1f8c9255c35cfba403ccc
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an otherwise correct plaintext, but with wrong second byte
- # (0x01 instead of 0x02), generates a random 11 byte long plaintext
- Decrypt = RSA-2048-2
-@@ -436,7 +444,7 @@ Input = 782c2b59a21a511243820acedd567c136f6d3090c115232a82a5efb0b178285f55b5ec2d
- Output = e6d700309ca0ed62452254
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an invalid ciphertext, with a zero byte in first byte of
- # ciphertext, decrypts to a random 11 byte long synthetic
- # plaintext
-@@ -445,7 +453,7 @@ Input = 0096136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2a
- Output = ba27b1842e7c21c0e7ef6a
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an invalid ciphertext, with a zero byte removed from first byte of
- # ciphertext, decrypts to a random 11 byte long synthetic
- # plaintext
-@@ -454,7 +462,7 @@ Input = 96136621faf36d5290b16bd26295de27f895d1faa51c800dafce73d001d60796cd4e2ac3
- Output = ba27b1842e7c21c0e7ef6a
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an invalid ciphertext, with two zero bytes in first bytes of
- # ciphertext, decrypts to a random 11 byte long synthetic
- # plaintext
-@@ -463,7 +471,7 @@ Input = 0000587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f
- Output = d5cf555b1d6151029a429a
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an invalid ciphertext, with two zero bytes removed from first bytes of
- # ciphertext, decrypts to a random 11 byte long synthetic
- # plaintext
-@@ -472,7 +480,7 @@ Input = 587cccc6b264bdfe0dc2149a988047fa921801f3502ea64624c510c6033d2f427e3f136c
- Output = d5cf555b1d6151029a429a
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # and invalid ciphertext, otherwise valid but starting with 000002, decrypts
- # to random 11 byte long synthetic plaintext
- Decrypt = RSA-2048-2
-@@ -480,7 +488,7 @@ Input = 1786550ce8d8433052e01ecba8b76d3019f1355b212ac9d0f5191b023325a7e7714b7802
- Output = 3d4a054d9358209e9cbbb9
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # negative test with otherwise valid padding but a zero byte in first byte
- # of padding
- Decrypt = RSA-2048-2
-@@ -488,7 +496,7 @@ Input = 179598823812d2c58a7eb50521150a48bcca8b4eb53414018b6bca19f4801456c5e36a94
- Output = 1f037dd717b07d3e7f7359
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # negative test with otherwise valid padding but a zero byte at the eighth
- # byte of padding
- Decrypt = RSA-2048-2
-@@ -496,7 +504,7 @@ Input = a7a340675a82c30e22219a55bc07cdf36d47d01834c1834f917f18b517419ce9de2a9646
- Output = 63cb0bf65fc8255dd29e17
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # negative test with an otherwise valid plaintext but with missing separator
- # byte
- Decrypt = RSA-2048-2
-@@ -551,53 +559,58 @@ PrivPubKeyPair = RSA-2049:RSA-2049-PUBLIC
- # RSA decrypt
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # malformed that generates length specified by 3rd last value from PRF
- Decrypt = RSA-2049
- Input = 00b26f6404b82649629f2704494282443776929122e279a9cf30b0c6fe8122a0a9042870d97cc8ef65490fe58f031eb2442352191f5fbc311026b5147d32df914599f38b825ebb824af0d63f2d541a245c5775d1c4b78630e4996cc5fe413d38455a776cf4edcc0aa7fccb31c584d60502ed2b77398f536e137ff7ba6430e9258e21c2db5b82f5380f566876110ac4c759178900fbad7ab70ea07b1daf7a1639cbb4196543a6cbe8271f35dddb8120304f6eef83059e1c5c5678710f904a6d760c4d1d8ad076be17904b9e69910040b47914a0176fb7eea0c06444a6c4b86d674d19a556a1de5490373cb01ce31bbd15a5633362d3d2cd7d4af1b4c5121288b894
- Output = 42
-
- # simple positive test case
-+Availablein = default
- Decrypt = RSA-2049
- Input = 013300edbf0bb3571e59889f7ed76970bf6d57e1c89bbb6d1c3991d9df8e65ed54b556d928da7d768facb395bbcc81e9f8573b45cf8195dbd85d83a59281cddf4163aec11b53b4140053e3bd109f787a7c3cec31d535af1f50e0598d85d96d91ea01913d07097d25af99c67464ebf2bb396fb28a9233e56f31f7e105d71a23e9ef3b736d1e80e713d1691713df97334779552fc94b40dd733c7251bc522b673d3ec9354af3dd4ad44fa71c0662213a57ada1d75149697d0eb55c053aaed5ffd0b815832f454179519d3736fb4faf808416071db0d0f801aca8548311ee708c131f4be658b15f6b54256872c2903ac708bd43b017b073b5707bc84c2cd9da70e967
- Output = "lorem ipsum"
-
- # positive test case with null padded ciphertext
-+Availablein = default
- Decrypt = RSA-2049
- Input = 0002aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162
- Output = "lorem ipsum"
-
- # positive test case with null truncated ciphertext
-+Availablein = default
- Decrypt = RSA-2049
- Input = 02aadf846a329fadc6760980303dbd87bfadfa78c2015ce4d6c5782fd9d3f1078bd3c0a2c5bfbdd1c024552e5054d98b5bcdc94e476dd280e64d650089326542ce7c61d4f1ab40004c2e6a88a883613568556a10f3f9edeab67ae8dddc1e6b0831c2793d2715de943f7ce34c5c05d1b09f14431fde566d17e76c9feee90d86a2c158616ec81dda0c642f58c0ba8fa4495843124a7235d46fb4069715a51bf710fd024259131ba94da73597ace494856c94e7a3ec261545793b0990279b15fa91c7fd13dbfb1df2f221dab9fa9f7c1d21e48aa49f6aaecbabf5ee76dc6c2af2317ffb4e303115386a97f8729afc3d0c89419669235f1a3a69570e0836c79fc162
- Output = "lorem ipsum"
-
- # positive test case with double null padded ciphertext
-+Availablein = default
- Decrypt = RSA-2049
- Input = 0000f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052
- Output = "lorem ipsum"
-
- # positive test case with double null truncated ciphertext
-+Availablein = default
- Decrypt = RSA-2049
- Input = f36da3b72d8ff6ded74e7efd08c01908f3f5f0de7b55eab92b5f875190809c39d4162e1e6649618f854fd84aeab03970d16bb814e999852c06de38d82b95c0f32e2a7b5714021fe303389be9c0eac24c90a6b7210f929d390fabf903d44e04110bb7a7fd6c383c275804721efa6d7c93aa64c0bb2b18d97c5220a846c66a4895ae52adddbe2a9996825e013585adcec4b32ba61d782737bd343e5fabd68e8a95b8b1340318559860792dd70dffbe05a1052b54cbfb48cfa7bb3c19cea52076bddac5c25ee276f153a610f6d06ed696d192d8ae4507ffae4e5bdda10a625d6b67f32f7cffcd48dee2431fe66f6105f9d17e611cdcc674868e81692a360f4052
- Output = "lorem ipsum"
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # a random negative test case that generates an 11 byte long message
- Decrypt = RSA-2049
- Input = 00f910200830fc8fff478e99e145f1474b312e2512d0f90b8cef77f8001d09861688c156d1cbaf8a8957f7ebf35f724466952d0524cad48aad4fba1e45ce8ea27e8f3ba44131b7831b62d60c0762661f4c1d1a88cd06263a259abf1ba9e6b0b172069afb86a7e88387726f8ab3adb30bfd6b3f6be6d85d5dfd044e7ef052395474a9cbb1c3667a92780b43a22693015af6c513041bdaf87d43b24ddd244e791eeaea1066e1f4917117b3a468e22e0f7358852bb981248de4d720add2d15dccba6280355935b67c96f9dcb6c419cc38ab9f6fba2d649ef2066e0c34c9f788ae49babd9025fa85b21113e56ce4f43aa134c512b030dd7ac7ce82e76f0be9ce09ebca
- Output = 1189b6f5498fd6df532b00
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # otherwise correct plaintext, but with wrong first byte (0x01 instead of 0x00)
- Decrypt = RSA-2049
- Input = 002c9ddc36ba4cf0038692b2d3a1c61a4bb3786a97ce2e46a3ba74d03158aeef456ce0f4db04dda3fe062268a1711250a18c69778a6280d88e133a16254e1f0e30ce8dac9b57d2e39a2f7d7be3ee4e08aec2fdbe8dadad7fdbf442a29a8fb40857407bf6be35596b8eefb5c2b3f58b894452c2dc54a6123a1a38d642e23751746597e08d71ac92704adc17803b19e131b4d1927881f43b0200e6f95658f559f912c889b4cd51862784364896cd6e8618f485a992f82997ad6a0917e32ae5872eaf850092b2d6c782ad35f487b79682333c1750c685d7d32ab3e1538f31dcaa5e7d5d2825875242c83947308dcf63ba4bfff20334c9c140c837dbdbae7a8dee72ff
- Output = f6d0f5b78082fe61c04674
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # otherwise correct plaintext, but with wrong second byte (0x01 instead of 0x02)
- Decrypt = RSA-2049
- Input = 00c5d77826c1ab7a34d6390f9d342d5dbe848942e2618287952ba0350d7de6726112e9cebc391a0fae1839e2bf168229e3e0d71d4161801509f1f28f6e1487ca52df05c466b6b0a6fbbe57a3268a970610ec0beac39ec0fa67babce1ef2a86bf77466dc127d7d0d2962c20e66593126f276863cd38dc6351428f884c1384f67cad0a0ffdbc2af16711fb68dc559b96b37b4f04cd133ffc7d79c43c42ca4948fa895b9daeb853150c8a5169849b730cc77d68b0217d6c0e3dbf38d751a1998186633418367e7576530566c23d6d4e0da9b038d0bb5169ce40133ea076472d055001f0135645940fd08ea44269af2604c8b1ba225053d6db9ab43577689401bdc0f3
-@@ -661,14 +674,14 @@ ooCElYcob01/JWzoXl61Z5sdrMH5CVZJty5foHKusAN5AgMBAAE=
- PrivPubKeyPair = RSA-3072:RSA-3072-PUBLIC
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # a random invalid ciphertext that generates an empty synthetic one
- Decrypt = RSA-3072
- Input = 5e956cd9652f4a2ece902931013e09662b6a9257ad1e987fb75f73a0606df2a4b04789770820c2e02322c4e826f767bd895734a01e20609c3be4517a7a2a589ea1cdc137beb73eb38dac781b52e863de9620f79f9b90fd5b953651fcbfef4a9f1cc07421d511a87dd6942caab6a5a0f4df473e62defb529a7de1509ab99c596e1dff1320402298d8be73a896cc86c38ae3f2f576e9ea70cc28ad575cb0f854f0be43186baa9c18e29c47c6ca77135db79c811231b7c1730955887d321fdc06568382b86643cf089b10e35ab23e827d2e5aa7b4e99ff2e914f302351819eb4d1693243b35f8bf1d42d08f8ec4acafa35f747a4a975a28643ec630d8e4fa5be59d81995660a14bb64c1fea5146d6b11f92da6a3956dd5cb5e0d747cf2ea23f81617769185336263d46ef4c144b754de62a6337342d6c85a95f19f015724546ee3fc4823eca603dbc1dc01c2d5ed50bd72d8e96df2dc048edde0081284068283fc5e73a6139851abf2f29977d0b3d160c883a42a37efba1be05c1a0b1741d7ddf59
- Output =
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # a random invalid that has PRF output with a length one byte too long
- # in the last value
- Decrypt = RSA-3072
-@@ -676,46 +689,51 @@ Input = 7db0390d75fcf9d4c59cf27b264190d856da9abd11e92334d0e5f71005cfed865a711dfa
- Output = 56a3bea054e01338be9b7d7957539c
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # a random invalid that generates a synthetic of maximum size
- Decrypt = RSA-3072
- Input = 1715065322522dff85049800f6a29ab5f98c465020467414b2a44127fe9446da47fa18047900f99afe67c2df6f50160bb8e90bff296610fde632b3859d4d0d2e644f23835028c46cca01b84b88231d7e03154edec6627bcba23de76740d839851fa12d74c8f92e540c73fe837b91b7d699b311997d5f0f7864c486d499c3a79c111faaacbe4799597a25066c6200215c3d158f3817c1aa57f18bdaad0be1658da9da93f5cc6c3c4dd72788af57adbb6a0c26f42d32d95b8a4f95e8c6feb2f8a5d53b19a50a0b7cbc25e055ad03e5ace8f3f7db13e57759f67b65d143f08cca15992c6b2aae643390483de111c2988d4e76b42596266005103c8de6044fb7398eb3c28a864fa672de5fd8774510ff45e05969a11a4c7d3f343e331190d2dcf24fb9154ba904dc94af98afc5774a9617d0418fe6d13f8245c7d7626c176138dd698a23547c25f27c2b98ea4d8a45c7842b81888e4cc14e5b72e9cf91f56956c93dbf2e5f44a8282a7813157fc481ff1371a0f66b31797e81ebdb09a673d4db96d6
- Output = 7b036fcd6243900e4236c894e2462c17738acc87e01a76f4d95cb9a328d9acde81650283b8e8f60a217e3bdee835c7b222ad4c85d0acdb9a309bd2a754609a65dec50f3aa04c6d5891034566b9563d42668ede1f8992b17753a2132e28970584e255efc8b45a41c5dbd7567f014acec5fe6fdb6d484790360a913ebb9defcd74ff377f2a8ba46d2ed85f733c9a3da08eb57ecedfafda806778f03c66b2c5d2874cec1c291b2d49eb194c7b5d0dd2908ae90f4843268a2c45563092ade08acb6ab481a08176102fc803fbb2f8ad11b0e1531bd37df543498daf180b12017f4d4d426ca29b4161075534bfb914968088a9d13785d0adc0e2580d3548494b2a9e91605f2b27e6cc701c796f0de7c6f471f6ab6cb9272a1ed637ca32a60d117505d82af3c1336104afb537d01a8f70b510e1eebf4869cb976c419473795a66c7f5e6e20a8094b1bb603a74330c537c5c0698c31538bd2e138c1275a1bdf24c5fa8ab3b7b526324e7918a382d1363b3d463764222150e04
-
- # a positive test case that decrypts to 9 byte long value
-+Availablein = default
- Decrypt = RSA-3072
- Input = 6c60845a854b4571f678941ae35a2ac03f67c21e21146f9db1f2306be9f136453b86ad55647d4f7b5c9e62197aaff0c0e40a3b54c4cde14e774b1c5959b6c2a2302896ffae1f73b00b862a20ff4304fe06cea7ff30ecb3773ca9af27a0b54547350d7c07dfb0a39629c7e71e83fc5af9b2adbaf898e037f1de696a3f328cf45af7ec9aff7173854087fb8fbf34be981efbd8493f9438d1b2ba2a86af082662aa46ae9adfbec51e5f3d9550a4dd1dcb7c8969c9587a6edc82a8cabbc785c40d9fbd12064559fb769450ac3e47e87bc046148130d7eaa843e4b3ccef3675d0630500803cb7ffee3882378c1a404e850c3e20707bb745e42b13c18786c4976076ed9fa8fd0ff15e571bef02cbbe2f90c908ac3734a433b73e778d4d17fcc28f49185ebc6e8536a06d293202d94496453bfdf1c2c7833a3f99fa38ca8a81f42eaa529d603b890308a319c0ab63a35ff8ebac965f6278f5a7e5d622be5d5fe55f0ca3ec993d55430d2bf59c5d3e860e90c16d91a04596f6fdf60d89ed95d88c036dde
- Output = "forty two"
-
- # a positive test case with null padded ciphertext
-+Availablein = default
- Decrypt = RSA-3072
- Input = 00f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727
- Output = "forty two"
-
- # a positive test case with null truncated ciphertext
-+Availablein = default
- Decrypt = RSA-3072
- Input = f4d565a3286784dbb85327db8807ae557ead229f92aba945cecda5225f606a7d6130edeeb6f26724d1eff1110f9eb18dc3248140ee3837e6688391e78796c526791384f045e21b6b853fb6342a11f309eb77962f37ce23925af600847fbd30e6e07e57de50b606e6b7f288cc777c1a6834f27e6edace508452128916eef7788c8bb227e3548c6a761cc4e9dd1a3584176dc053ba3500adb1d5e1611291654f12dfc5722832f635db3002d73f9defc310ace62c63868d341619c7ee15b20243b3371e05078e11219770c701d9f341af35df1bc729de294825ff2e416aa11526612852777eb131f9c45151eb144980d70608d2fc4043477368369aa0fe487a48bd57e66b00c3c58f941549f5ec050fca64449debe7a0c4ac51e55cb71620a70312aa4bd85fac1410c9c7f9d6ec610b7d11bf8faeffa20255d1a1bead9297d0aa8765cd2805847d639bc439f4a6c896e2008f746f9590ff4596de5ddde000ed666c452c978043ff4298461eb5a26d5e63d821438627f91201924bf7f2aeee1727
- Output = "forty two"
-
- # a positive test case with double null padded ciphertext
-+Availablein = default
- Decrypt = RSA-3072
- Input = 00001ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0
- Output = "forty two"
-
- # a positive test case with double null truncated ciphertext
-+Availablein = default
- Decrypt = RSA-3072
- Input = 1ec97ac981dfd9dcc7a7389fdfa9d361141dac80c23a060410d472c16094e6cdffc0c3684d84aa402d7051dfccb2f6da33f66985d2a259f5b7fbf39ac537e95c5b7050eb18844a0513abef812cc8e74a3c5240009e6e805dcadf532bc1a2702d5acc9e585fad5b89d461fcc1397351cdce35171523758b171dc041f412e42966de7f94856477356d06f2a6b40e3ff0547562a4d91bbf1338e9e049facbee8b20171164505468cd308997447d3dc4b0acb49e7d368fedd8c734251f30a83491d2506f3f87318cc118823244a393dc7c5c739a2733d93e1b13db6840a9429947357f47b23fbe39b7d2d61e5ee26f9946c4632f6c4699e452f412a26641d4751135400713cd56ec66f0370423d55d2af70f5e7ad0adea8e4a0d904a01e4ac272eba4af1a029dd53eb71f115bf31f7a6c8b19a6523adeecc0d4c3c107575e38572a8f8474ccad163e46e2e8b08111132aa97a16fb588c9b7e37b3b3d7490381f3c55d1a9869a0fd42cd86fed59ecec78cb6b2dfd06a497f5afe3419691314ba0
- Output = "forty two"
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # a random negative test case that generates a 9 byte long message
- Decrypt = RSA-3072
- Input = 5c8555f5cef627c15d37f85c7f5fd6e499264ea4b8e3f9112023aeb722eb38d8eac2be3751fd5a3785ab7f2d59fa3728e5be8c3de78a67464e30b21ee23b5484bb3cd06d0e1c6ad25649c8518165653eb80488bfb491b20c04897a6772f69292222fc5ef50b5cf9efc6d60426a449b6c489569d48c83488df629d695653d409ce49a795447fcec2c58a1a672e4a391401d428baaf781516e11e323d302fcf20f6eab2b2dbe53a48c987e407c4d7e1cb41131329138313d330204173a4f3ff06c6fadf970f0ed1005d0b27e35c3d11693e0429e272d583e57b2c58d24315c397856b34485dcb077665592b747f889d34febf2be8fce66c265fd9fc3575a6286a5ce88b4b413a08efc57a07a8f57a999605a837b0542695c0d189e678b53662ecf7c3d37d9dbeea585eebfaf79141118e06762c2381fe27ca6288edddc19fd67cd64f16b46e06d8a59ac530f22cd83cc0bc4e37feb52015cbb2283043ccf5e78a4eb7146827d7a466b66c8a4a4826c1bad68123a7f2d00fc1736525ff90c058f56
- Output = 257906ca6de8307728
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # a random negative test case that generates a 9 byte long message based on
- # second to last value from PRF
- Decrypt = RSA-3072
-@@ -723,7 +741,7 @@ Input = 758c215aa6acd61248062b88284bf43c13cb3b3d02410be4238607442f1c0216706e21a0
- Output = 043383c929060374ed
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # a random negative test that generates message based on 3rd last value from
- # PRF
- Decrypt = RSA-3072
-@@ -731,35 +749,35 @@ Input = 7b22d5e62d287968c6622171a1f75db4b0fd15cdf3134a1895d235d56f8d8fe619f2bf48
- Output = 70263fa6050534b9e0
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an otherwise valid plaintext, but with wrong first byte (0x01 instead of 0x00)
- Decrypt = RSA-3072
- Input = 6db80adb5ff0a768caf1378ecc382a694e7d1bde2eff4ba12c48aaf794ded7a994a5b2b57acec20dbec4ae385c9dd531945c0f197a5496908725fc99d88601a17d3bb0b2d38d2c1c3100f39955a4cb3dbed5a38bf900f23d91e173640e4ec655c84fdfe71fcdb12a386108fcf718c9b7af37d39703e882436224c877a2235e8344fba6c951eb7e2a4d1d1de81fb463ac1b880f6cc0e59ade05c8ce35179ecd09546731fc07b141d3d6b342a97ae747e61a9130f72d37ac5a2c30215b6cbd66c7db893810df58b4c457b4b54f34428247d584e0fa71062446210db08254fb9ead1ba1a393c724bd291f0cf1a7143f32df849051dc896d7d176fef3b57ab6dffd626d0c3044e9edb2e3d012ace202d2581df01bec7e9aa0727a6650dd373d374f0bc0f4a611f8139dfe97d63e70c6188f4df5b672e47c51d8aa567097293fbff127c75ec690b43407578b73c85451710a0cece58fd497d7f7bd36a8a92783ef7dc6265dff52aac8b70340b996508d39217f2783ce6fc91a1cc94bb2ac487b84f62
- Output = 6d8d3a094ff3afff4c
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an otherwise valid plaintext, but with wrong second byte (0x01 instead of 0x02)
- Decrypt = RSA-3072
- Input = 417328c034458563079a4024817d0150340c34e25ae16dcad690623f702e5c748a6ebb3419ff48f486f83ba9df35c05efbd7f40613f0fc996c53706c30df6bba6dcd4a40825f96133f3c21638a342bd4663dffbd0073980dac47f8c1dd8e97ce1412e4f91f2a8adb1ac2b1071066efe8d718bbb88ca4a59bd61500e826f2365255a409bece0f972df97c3a55e09289ef5fa815a2353ef393fd1aecfc888d611c16aec532e5148be15ef1bf2834b8f75bb26db08b66d2baad6464f8439d1986b533813321dbb180080910f233bcc4dd784fb21871aef41be08b7bfad4ecc3b68f228cb5317ac6ec1227bc7d0e452037ba918ee1da9fdb8393ae93b1e937a8d4691a17871d5092d2384b6190a53df888f65b951b05ed4ad57fe4b0c6a47b5b22f32a7f23c1a234c9feb5d8713d949686760680da4db454f4acad972470033472b9864d63e8d23eefc87ebcf464ecf33f67fbcdd48eab38c5292586b36aef5981ed2fa07b2f9e23fc57d9eb71bfff4111c857e9fff23ceb31e72592e70c874b4936
- Output = c6ae80ffa80bc184b0
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an otherwise valid plaintext, but with zero byte in first byte of padding
- Decrypt = RSA-3072
- Input = 8542c626fe533467acffcd4e617692244c9b5a3bf0a215c5d64891ced4bf4f9591b4b2aedff9843057986d81631b0acb3704ec2180e5696e8bd15b217a0ec36d2061b0e2182faa3d1c59bd3f9086a10077a3337a3f5da503ec3753535ffd25b837a12f2541afefd0cffb0224b8f874e4bed13949e105c075ed44e287c5ae03b155e06b90ed247d2c07f1ef3323e3508cce4e4074606c54172ad74d12f8c3a47f654ad671104bf7681e5b061862747d9afd37e07d8e0e2291e01f14a95a1bb4cbb47c304ef067595a3947ee2d722067e38a0f046f43ec29cac6a8801c6e3e9a2331b1d45a7aa2c6af3205be382dd026e389614ee095665a611ab2e8dced2ee1c9d08ac9de11aef5b3803fc9a9ce8231ec87b5fed386fb92ee3db995a89307bcba844bd0a691c29ae51216e949dfc813133cb06a07265fd807bcb3377f6adb0a481d9b7f442003115895939773e6b95371c4febef29edae946fa245e7c50729e2e558cfaad773d1fd5f67b457a6d9d17a847c6fcbdb103a86f35f228cefc06cea0
- Output = a8a9301daa01bb25c7
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an otherwise valid plaintext, but with zero byte in eight byte of padding
- Decrypt = RSA-3072
- Input = 449dfa237a70a99cb0351793ec8677882021c2aa743580bf6a0ea672055cffe8303ac42855b1d1f3373aae6af09cb9074180fc963e9d1478a4f98b3b4861d3e7f0aa8560cf603711f139db77667ca14ba3a1acdedfca9ef4603d6d7eb0645bfc805304f9ad9d77d34762ce5cd84bd3ec9d35c30e3be72a1e8d355d5674a141b5530659ad64ebb6082e6f73a80832ab6388912538914654d34602f4b3b1c78589b4a5d964b2efcca1dc7004c41f6cafcb5a7159a7fc7c0398604d0edbd4c8f4f04067da6a153a05e7cbeea13b5ee412400ef7d4f3106f4798da707ec37a11286df2b7a204856d5ff773613fd1e453a7114b78e347d3e8078e1cb3276b3562486ba630bf719697e0073a123c3e60ebb5c7a1ccff4279faffa2402bc1109f8d559d6766e73591943dfcf25ba10c3762f02af85187799b8b4b135c3990793a6fd32642f1557405ba55cc7cf7336a0e967073c5fa50743f9cc5e3017c172d9898d2af83345e71b3e0c22ab791eacb6484a32ec60ebc226ec9deaee91b1a0560c2b571
- Output = 6c716fe01d44398018
-
- # The old FIPS provider doesn't include the workaround (#13817)
--FIPSversion = >=3.2.0
-+Availablein = default
- # an otherwise valid plaintext, but with null separator missing
- Decrypt = RSA-3072
- Input = a7a5c99e50da48769ecb779d9abe86ef9ec8c38c6f43f17c7f2d7af608a4a1bd6cf695b47e97c191c61fb5a27318d02f495a176b9fae5a55b5d3fabd1d8aae4957e3879cb0c60f037724e11be5f30f08fc51c033731f14b44b414d11278cd3dba7e1c8bfe208d2b2bb7ec36366dacb6c88b24cd79ab394adf19dbbc21dfa5788bacbadc6a62f79cf54fd8cf585c615b5c0eb94c35aa9de25321c8ffefb8916bbaa2697cb2dd82ee98939df9b6704cee77793edd2b4947d82e00e5749664970736c59a84197bd72b5c71e36aae29cd39af6ac73a368edbc1ca792e1309f442aafcd77c992c88f8e4863149f221695cb7b0236e75b2339a02c4ea114854372c306b9412d8eedb600a31532002f2cea07b4df963a093185e4607732e46d753b540974fb5a5c3f9432df22e85bb17611370966c5522fd23f2ad3484341ba7fd8885fc8e6d379a611d13a2aca784fba2073208faad2137bf1979a0fa146c1880d4337db3274269493bab44a1bcd0681f7227ffdf589c2e925ed9d36302509d1109ba4
-@@ -1106,36 +1124,42 @@ vcDtKrdWo6btTWc1Kml9QhbpMhKxJ6Y9VBHOb6mNXb79cyY+NygUJ0OBgWbtfdY2
- h90qjKHS9PvY4Q==
- -----END PRIVATE KEY-----
-
-+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=354fe67b4a126d5d35fe36c777791a3f7ba13def484e2d3908aff722fad468fb21696de95d0be911c2d3174f8afcc201035f7b6d8e69402de5451618c21a535fa9d7bfc5b8dd9fc243f8cf927db31322d6e881eaa91a996170e657a05a266426d98c88003f8477c1227094a0d9fa1e8c4024309ce1ecccb5210035d47ac72e8a
- Output=6628194e12073db03ba94cda9ef9532397d50dba79b987004afefe34
-
-+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=640db1acc58e0568fe5407e5f9b701dff8c3c91e716c536fc7fcec6cb5b71c1165988d4a279e1577d730fc7a29932e3f00c81515236d8d8e31017a7a09df4352d904cdeb79aa583adcc31ea698a4c05283daba9089be5491f67c1a4ee48dc74bbbe6643aef846679b4cb395a352d5ed115912df696ffe0702932946d71492b44
- Output=750c4047f547e8e41411856523298ac9bae245efaf1397fbe56f9dd5
-
-+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=423736ed035f6026af276c35c0b3741b365e5f76ca091b4e8c29e2f0befee603595aa8322d602d2e625e95eb81b2f1c9724e822eca76db8618cf09c5343503a4360835b5903bc637e3879fb05e0ef32685d5aec5067cd7cc96fe4b2670b6eac3066b1fcf5686b68589aafb7d629b02d8f8625ca3833624d4800fb081b1cf94eb
- Output=d94ae0832e6445ce42331cb06d531a82b1db4baad30f746dc916df24d4e3c2451fff59a6423eb0e1d02d4fe646cf699dfd818c6e97b051
-
-+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=45ead4ca551e662c9800f1aca8283b0525e6abae30be4b4aba762fa40fd3d38e22abefc69794f6ebbbc05ddbb11216247d2f412fd0fba87c6e3acd888813646fd0e48e785204f9c3f73d6d8239562722dddd8771fec48b83a31ee6f592c4cfd4bc88174f3b13a112aae3b9f7b80e0fc6f7255ba880dc7d8021e22ad6a85f0755
- Output=52e650d98e7f2a048b4f86852153b97e01dd316f346a19f67a85
-
-+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=36f6e34d94a8d34daacba33a2139d00ad85a9345a86051e73071620056b920e219005855a213a0f23897cdcd731b45257c777fe908202befdd0b58386b1244ea0cf539a05d5d10329da44e13030fd760dcd644cfef2094d1910d3f433e1c7c6dd18bc1f2df7f643d662fb9dd37ead9059190f4fa66ca39e869c4eb449cbdc439
- Output=8da89fd9e5f974a29feffb462b49180f6cf9e802
-
-+Availablein = default
- Decrypt=RSA-OAEP-1
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -1160,36 +1184,42 @@ SwGNdhGLJDiac1Dsg2sAY6IXISNv2O222JtR5+64e2EbcTLLfqc1bCMVHB53UVB8
- eG2e4XlBcKjI6A==
- -----END PRIVATE KEY-----
-
-+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0181af8922b9fcb4d79d92ebe19815992fc0c1439d8bcd491398a0f4ad3a329a5bd9385560db532683c8b7da04e4b12aed6aacdf471c34c9cda891addcc2df3456653aa6382e9ae59b54455257eb099d562bbe10453f2b6d13c59c02e10f1f8abb5da0d0570932dacf2d0901db729d0fefcc054e70968ea540c81b04bcaefe720e
- Output=8ff00caa605c702830634d9a6c3d42c652b58cf1d92fec570beee7
-
-+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=018759ff1df63b2792410562314416a8aeaf2ac634b46f940ab82d64dbf165eee33011da749d4bab6e2fcd18129c9e49277d8453112b429a222a8471b070993998e758861c4d3f6d749d91c4290d332c7a4ab3f7ea35ff3a07d497c955ff0ffc95006b62c6d296810d9bfab024196c7934012c2df978ef299aba239940cba10245
- Output=2d
-
-+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=018802bab04c60325e81c4962311f2be7c2adce93041a00719c88f957575f2c79f1b7bc8ced115c706b311c08a2d986ca3b6a9336b147c29c6f229409ddec651bd1fdd5a0b7f610c9937fdb4a3a762364b8b3206b4ea485fd098d08f63d4aa8bb2697d027b750c32d7f74eaf5180d2e9b66b17cb2fa55523bc280da10d14be2053
- Output=74fc88c51bc90f77af9d5e9a4a70133d4b4e0b34da3c37c7ef8e
-
-+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=00a4578cbc176318a638fba7d01df15746af44d4f6cd96d7e7c495cbf425b09c649d32bf886da48fbaf989a2117187cafb1fb580317690e3ccd446920b7af82b31db5804d87d01514acbfa9156e782f867f6bed9449e0e9a2c09bcecc6aa087636965e34b3ec766f2fe2e43018a2fddeb140616a0e9d82e5331024ee0652fc7641
- Output=a7eb2a5036931d27d4e891326d99692ffadda9bf7efd3e34e622c4adc085f721dfe885072c78a203b151739be540fa8c153a10f00a
-
-+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=00ebc5f5fda77cfdad3c83641a9025e77d72d8a6fb33a810f5950f8d74c73e8d931e8634d86ab1246256ae07b6005b71b7f2fb98351218331ce69b8ffbdc9da08bbc9c704f876deb9df9fc2ec065cad87f9090b07acc17aa7f997b27aca48806e897f771d95141fe4526d8a5301b678627efab707fd40fbebd6e792a25613e7aec
- Output=2ef2b066f854c33f3bdcbb5994a435e73d6c6c
-
-+Availablein = default
- Decrypt=RSA-OAEP-2
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -1214,36 +1244,42 @@ iUGx07dw5a0x7jc7KKzaaf+bb0D+V4ufGvuFg2+WJ9N6z/c8J3nmNLsmARwsj38z
- Ya4qnqZe1onjY5o=
- -----END PRIVATE KEY-----
-
-+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=026a0485d96aebd96b4382085099b962e6a2bdec3d90c8db625e14372de85e2d5b7baab65c8faf91bb5504fb495afce5c988b3f6a52e20e1d6cbd3566c5cd1f2b8318bb542cc0ea25c4aab9932afa20760eaddec784396a07ea0ef24d4e6f4d37e5052a7a31e146aa480a111bbe926401307e00f410033842b6d82fe5ce4dfae80
- Output=087820b569e8fa8d
-
-+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=024db89c7802989be0783847863084941bf209d761987e38f97cb5f6f1bc88da72a50b73ebaf11c879c4f95df37b850b8f65d7622e25b1b889e80fe80baca2069d6e0e1d829953fc459069de98ea9798b451e557e99abf8fe3d9ccf9096ebbf3e5255d3b4e1c6d2ecadf067a359eea86405acd47d5e165517ccafd47d6dbee4bf5
- Output=4653acaf171960b01f52a7be63a3ab21dc368ec43b50d82ec3781e04
-
-+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0239bce681032441528877d6d1c8bb28aa3bc97f1df584563618995797683844ca86664732f4bed7a0aab083aaabfb7238f582e30958c2024e44e57043b97950fd543da977c90cdde5337d618442f99e60d7783ab59ce6dd9d69c47ad1e962bec22d05895cff8d3f64ed5261d92b2678510393484990ba3f7f06818ae6ffce8a3a
- Output=d94cd0e08fa404ed89
-
-+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=02994c62afd76f498ba1fd2cf642857fca81f4373cb08f1cbaee6f025c3b512b42c3e8779113476648039dbe0493f9246292fac28950600e7c0f32edf9c81b9dec45c3bde0cc8d8847590169907b7dc5991ceb29bb0714d613d96df0f12ec5d8d3507c8ee7ae78dd83f216fa61de100363aca48a7e914ae9f42ddfbe943b09d9a0
- Output=6cc641b6b61e6f963974dad23a9013284ef1
-
-+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0162042ff6969592a6167031811a239834ce638abf54fec8b99478122afe2ee67f8c5b18b0339805bfdbc5a4e6720b37c59cfba942464c597ff532a119821545fd2e59b114e61daf71820529f5029cf524954327c34ec5e6f5ba7efcc4de943ab8ad4ed787b1454329f70db798a3a8f4d92f8274e2b2948ade627ce8ee33e43c60
- Output=df5151832b61f4f25891fb4172f328d2eddf8371ffcfdbe997939295f30eca6918017cfda1153bf7a6af87593223
-
-+Availablein = default
- Decrypt=RSA-OAEP-3
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -1268,36 +1304,42 @@ s/XkIiO6MDAcQabYfLtw4wy308Z9JUc9sfbL8D4/kSbj6XloJ5qGWywrQmUkz8Uq
- aD0x7TDrmEvkEro=
- -----END PRIVATE KEY-----
-
-+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=04cce19614845e094152a3fe18e54e3330c44e5efbc64ae16886cb1869014cc5781b1f8f9e045384d0112a135ca0d12e9c88a8e4063416deaae3844f60d6e96fe155145f4525b9a34431ca3766180f70e15a5e5d8e8b1a516ff870609f13f896935ced188279a58ed13d07114277d75c6568607e0ab092fd803a223e4a8ee0b1a8
- Output=4a86609534ee434a6cbca3f7e962e76d455e3264c19f605f6e5ff6137c65c56d7fb344cd52bc93374f3d166c9f0c6f9c506bad19330972d2
-
-+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0097b698c6165645b303486fbf5a2a4479c0ee85889b541a6f0b858d6b6597b13b854eb4f839af03399a80d79bda6578c841f90d645715b280d37143992dd186c80b949b775cae97370e4ec97443136c6da484e970ffdb1323a20847821d3b18381de13bb49aaea66530c4a4b8271f3eae172cd366e07e6636f1019d2a28aed15e
- Output=b0adc4f3fe11da59ce992773d9059943c03046497ee9d9f9a06df1166db46d98f58d27ec074c02eee6cbe2449c8b9fc5080c5c3f4433092512ec46aa793743c8
-
-+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0301f935e9c47abcb48acbbe09895d9f5971af14839da4ff95417ee453d1fd77319072bb7297e1b55d7561cd9d1bb24c1a9a37c619864308242804879d86ebd001dce5183975e1506989b70e5a83434154d5cbfd6a24787e60eb0c658d2ac193302d1192c6e622d4a12ad4b53923bca246df31c6395e37702c6a78ae081fb9d065
- Output=bf6d42e701707b1d0206b0c8b45a1c72641ff12889219a82bdea965b5e79a96b0d0163ed9d578ec9ada20f2fbcf1ea3c4089d83419ba81b0c60f3606da99
-
-+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=02d110ad30afb727beb691dd0cf17d0af1a1e7fa0cc040ec1a4ba26a42c59d0a796a2e22c8f357ccc98b6519aceb682e945e62cb734614a529407cd452bee3e44fece8423cc19e55548b8b994b849c7ecde4933e76037e1d0ce44275b08710c68e430130b929730ed77e09b015642c5593f04e4ffb9410798102a8e96ffdfe11e4
- Output=fb2ef112f5e766eb94019297934794f7be2f6fc1c58e
-
-+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=00dbb8a7439d90efd919a377c54fae8fe11ec58c3b858362e23ad1b8a44310799066b99347aa525691d2adc58d9b06e34f288c170390c5f0e11c0aa3645959f18ee79e8f2be8d7ac5c23d061f18dd74b8c5f2a58fcb5eb0c54f99f01a83247568292536583340948d7a8c97c4acd1e98d1e29dc320e97a260532a8aa7a758a1ec2
- Output=28ccd447bb9e85166dabb9e5b7d1adadc4b9d39f204e96d5e440ce9ad928bc1c2284
-
-+Availablein = default
- Decrypt=RSA-OAEP-4
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -1322,36 +1364,42 @@ OPlAQGLrhaQpJFILOPW7iGoBlvSLuNzqYP2SzAJ/GOeBWKNKXF1fhgoPbAQHGn0B
- MSwGUGLx60i3nRyDyw==
- -----END PRIVATE KEY-----
-
-+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=036046a4a47d9ed3ba9a89139c105038eb7492b05a5d68bfd53accff4597f7a68651b47b4a4627d927e485eed7b4566420e8b409879e5d606eae251d22a5df799f7920bfc117b992572a53b1263146bcea03385cc5e853c9a101c8c3e1bda31a519807496c6cb5e5efb408823a352b8fa0661fb664efadd593deb99fff5ed000e5
- Output=af71a901e3a61d3132f0fc1fdb474f9ea6579257ffc24d164170145b3dbde8
-
-+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=03d6eb654edce615bc59f455265ed4e5a18223cbb9be4e4069b473804d5de96f54dcaaa603d049c5d94aa1470dfcd2254066b7c7b61ff1f6f6770e3215c51399fd4e34ec5082bc48f089840ad04354ae66dc0f1bd18e461a33cc1258b443a2837a6df26759aa2302334986f87380c9cc9d53be9f99605d2c9a97da7b0915a4a7ad
- Output=a3b844a08239a8ac41605af17a6cfda4d350136585903a417a79268760519a4b4ac3303ec73f0f87cfb32399
-
-+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0770952181649f9f9f07ff626ff3a22c35c462443d905d456a9fd0bff43cac2ca7a9f554e9478b9acc3ac838b02040ffd3e1847de2e4253929f9dd9ee4044325a9b05cabb808b2ee840d34e15d105a3f1f7b27695a1a07a2d73fe08ecaaa3c9c9d4d5a89ff890d54727d7ae40c0ec1a8dd86165d8ee2c6368141016a48b55b6967
- Output=308b0ecbd2c76cb77fc6f70c5edd233fd2f20929d629f026953bb62a8f4a3a314bde195de85b5f816da2aab074d26cb6acddf323ae3b9c678ac3cf12fbdde7
-
-+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0812b76768ebcb642d040258e5f4441a018521bd96687e6c5e899fcd6c17588ff59a82cc8ae03a4b45b31299af1788c329f7dcd285f8cf4ced82606b97612671a45bedca133442144d1617d114f802857f0f9d739751c57a3f9ee400912c61e2e6992be031a43dd48fa6ba14eef7c422b5edc4e7afa04fdd38f402d1c8bb719abf
- Output=15c5b9ee1185
-
-+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=07b60e14ec954bfd29e60d0047e789f51d57186c63589903306793ced3f68241c743529aba6a6374f92e19e0163efa33697e196f7661dfaaa47aac6bde5e51deb507c72c589a2ca1693d96b1460381249b2cdb9eac44769f2489c5d3d2f99f0ee3c7ee5bf64a5ac79c42bd433f149be8cb59548361640595513c97af7bc2509723
- Output=21026e6800c7fa728fcaaba0d196ae28d7a2ac4ffd8abce794f0985f60c8a6737277365d3fea11db8923a2029a
-
-+Availablein = default
- Decrypt=RSA-OAEP-5
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -1376,36 +1424,42 @@ xT1F29tenZbQ/s9Cdd8JdLxKBza0p0wyaQU++2hqziQG4iyeBY3bSuVAYnri/bCC
- Yejn5Ly8mU2q+jBcRQ==
- -----END PRIVATE KEY-----
-
-+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0630eebcd2856c24f798806e41f9e67345eda9ceda386acc9facaea1eeed06ace583709718d9d169fadf414d5c76f92996833ef305b75b1e4b95f662a20faedc3bae0c4827a8bf8a88edbd57ec203a27a841f02e43a615bab1a8cac0701de34debdef62a088089b55ec36ea7522fd3ec8d06b6a073e6df833153bc0aefd93bd1a3
- Output=4046ca8baa3347ca27f49e0d81f9cc1d71be9ba517d4
-
-+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0ebc37376173a4fd2f89cc55c2ca62b26b11d51c3c7ce49e8845f74e7607317c436bc8d23b9667dfeb9d087234b47bc6837175ae5c0559f6b81d7d22416d3e50f4ac533d8f0812f2db9e791fe9c775ac8b6ad0f535ad9ceb23a4a02014c58ab3f8d3161499a260f39348e714ae2a1d3443208fd8b722ccfdfb393e98011f99e63f
- Output=5cc72c60231df03b3d40f9b57931bc31109f972527f28b19e7480c7288cb3c92b22512214e4be6c914792ddabdf57faa8aa7
-
-+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0a98bf1093619394436cf68d8f38e2f158fde8ea54f3435f239b8d06b8321844202476aeed96009492480ce3a8d705498c4c8c68f01501dc81db608f60087350c8c3b0bd2e9ef6a81458b7c801b89f2e4fe99d4900ba6a4b5e5a96d865dc676c7755928794130d6280a8160a190f2df3ea7cf9aa0271d88e9e6905ecf1c5152d65
- Output=b20e651303092f4bccb43070c0f86d23049362ed96642fc5632c27db4a52e3d831f2ab068b23b149879c002f6bf3feee97591112562c
-
-+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=008e7a67cacfb5c4e24bec7dee149117f19598ce8c45808fef88c608ff9cd6e695263b9a3c0ad4b8ba4c95238e96a8422b8535629c8d5382374479ad13fa39974b242f9a759eeaf9c83ad5a8ca18940a0162ba755876df263f4bd50c6525c56090267c1f0e09ce0899a0cf359e88120abd9bf893445b3cae77d3607359ae9a52f8
- Output=684e3038c5c041f7
-
-+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=00003474416c7b68bdf961c385737944d7f1f40cb395343c693cc0b4fe63b31fedf1eaeeac9ccc0678b31dc32e0977489514c4f09085f6298a9653f01aea4045ff582ee887be26ae575b73eef7f3774921e375a3d19adda0ca31aa1849887c1f42cac9677f7a2f4e923f6e5a868b38c084ef187594dc9f7f048fea2e02955384ab
- Output=32488cb262d041d6e4dd35f987bf3ca696db1f06ac29a44693
-
-+Availablein = default
- Decrypt=RSA-OAEP-6
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -1430,36 +1484,42 @@ tu4XIedy0DiaVZw9PN+VUNRXxGsDe3RkGx1SFmr4ohPIOWIGzfukQi8Y1vYdvLXS
- FMlxv0gq65dqc3DC
- -----END PRIVATE KEY-----
-
-+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=1688e4ce7794bba6cb7014169ecd559cede2a30b56a52b68d9fe18cf1973ef97b2a03153951c755f6294aa49adbdb55845ab6875fb3986c93ecf927962840d282f9e54ce8b690f7c0cb8bbd73440d9571d1b16cd9260f9eab4783cc482e5223dc60973871783ec27b0ae0fd47732cbc286a173fc92b00fb4ba6824647cd93c85c1
- Output=47aae909
-
-+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=1052ed397b2e01e1d0ee1c50bf24363f95e504f4a03434a08fd822574ed6b9736edbb5f390db10321479a8a139350e2bd4977c3778ef331f3e78ae118b268451f20a2f01d471f5d53c566937171b2dbc2d4bde459a5799f0372d6574239b2323d245d0bb81c286b63c89a361017337e4902f88a467f4c7f244bfd5ab46437ff3b6
- Output=1d9b2e2223d9bc13bfb9f162ce735db48ba7c68f6822a0a1a7b6ae165834e7
-
-+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=2155cd843ff24a4ee8badb7694260028a490813ba8b369a4cbf106ec148e5298707f5965be7d101c1049ea8584c24cd63455ad9c104d686282d3fb803a4c11c1c2e9b91c7178801d1b6640f003f5728df007b8a4ccc92bce05e41a27278d7c85018c52414313a5077789001d4f01910b72aad05d220aa14a58733a7489bc54556b
- Output=d976fc
-
-+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=0ab14c373aeb7d4328d0aaad8c094d88b9eb098b95f21054a29082522be7c27a312878b637917e3d819e6c3c568db5d843802b06d51d9e98a2be0bf40c031423b00edfbff8320efb9171bd2044653a4cb9c5122f6c65e83cda2ec3c126027a9c1a56ba874d0fea23f380b82cf240b8cf540004758c4c77d934157a74f3fc12bfac
- Output=d4738623df223aa43843df8467534c41d013e0c803c624e263666b239bde40a5f29aeb8de79e3daa61dd0370f49bd4b013834b98212aef6b1c5ee373b3cb
-
-+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=028387a318277434798b4d97f460068df5298faba5041ba11761a1cb7316b24184114ec500257e2589ed3b607a1ebbe97a6cc2e02bf1b681f42312a33b7a77d8e7855c4a6de03e3c04643f786b91a264a0d6805e2cea91e68177eb7a64d9255e4f27e713b7ccec00dc200ebd21c2ea2bb890feae4942df941dc3f97890ed347478
- Output=bb47231ca5ea1d3ad46c99345d9a8a61
-
-+Availablein = default
- Decrypt=RSA-OAEP-7
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -1484,36 +1544,42 @@ njraT2MgdSwJ2AX/fR8a4NAXru7pzvoNfdf/d15EtXgyL2QF1iEdoZUZZmqof9xM
- 2MiPa249Z+lh3Luj0A==
- -----END PRIVATE KEY-----
-
-+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=09b3683d8a2eb0fb295b62ed1fb9290b714457b7825319f4647872af889b30409472020ad12912bf19b11d4819f49614824ffd84d09c0a17e7d17309d12919790410aa2995699f6a86dbe3242b5acc23af45691080d6b1ae810fb3e3057087f0970092ce00be9562ff4053b6262ce0caa93e13723d2e3a5ba075d45f0d61b54b61
- Output=050b755e5e6880f7b9e9d692a74c37aae449b31bfea6deff83747a897f6c2c825bb1adbf850a3c96994b5de5b33cbc7d4a17913a7967
-
-+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=2ecf15c97c5a15b1476ae986b371b57a24284f4a162a8d0c8182e7905e792256f1812ba5f83f1f7a130e42dcc02232844edc14a31a68ee97ae564a383a3411656424c5f62ddb646093c367be1fcda426cf00a06d8acb7e57776fbbd855ac3df506fc16b1d7c3f2110f3d8068e91e186363831c8409680d8da9ecd8cf1fa20ee39d
- Output=4eb68dcd93ca9b19df111bd43608f557026fe4aa1d5cfac227a3eb5ab9548c18a06dded23f81825986b2fcd71109ecef7eff88873f075c2aa0c469f69c92bc
-
-+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=4bc89130a5b2dabb7c2fcf90eb5d0eaf9e681b7146a38f3173a3d9cfec52ea9e0a41932e648a9d69344c50da763f51a03c95762131e8052254dcd2248cba40fd31667786ce05a2b7b531ac9dac9ed584a59b677c1a8aed8c5d15d68c05569e2be780bf7db638fd2bfd2a85ab276860f3777338fca989ffd743d13ee08e0ca9893f
- Output=8604ac56328c1ab5ad917861
-
-+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=2e456847d8fc36ff0147d6993594b9397227d577752c79d0f904fcb039d4d812fea605a7b574dd82ca786f93752348438ee9f5b5454985d5f0e1699e3e7ad175a32e15f03deb042ab9fe1dd9db1bb86f8c089ccb45e7ef0c5ee7ca9b7290ca6b15bed47039788a8a93ff83e0e8d6244c71006362deef69b6f416fb3c684383fbd0
- Output=fdda5fbf6ec361a9d9a4ac68af216a0686f438b1e0e5c36b955f74e107f39c0dddcc
-
-+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=1fb9356fd5c4b1796db2ebf7d0d393cc810adf6145defc2fce714f79d93800d5e2ac211ea8bbecca4b654b94c3b18b30dd576ce34dc95436ef57a09415645923359a5d7b4171ef22c24670f1b229d3603e91f76671b7df97e7317c97734476d5f3d17d21cf82b5ba9f83df2e588d36984fd1b584468bd23b2e875f32f68953f7b2
- Output=4a5f4914bee25de3c69341de07
-
-+Availablein = default
- Decrypt=RSA-OAEP-8
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-@@ -1544,36 +1610,42 @@ Z7CDuaemy2HkLbNiuMmJbbcGTgKtWuYVh9oVtGSckFlJCf6zfby2VL63Jo7IAeWo
- tKo5Eb69iFQvBb4=
- -----END PRIVATE KEY-----
-
-+Availablein = default
- Decrypt=RSA-OAEP-9
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=267bcd118acab1fc8ba81c85d73003cb8610fa55c1d97da8d48a7c7f06896a4db751aa284255b9d36ad65f37653d829f1b37f97b8001942545b2fc2c55a7376ca7a1be4b1760c8e05a33e5aa2526b8d98e317088e7834c755b2a59b12631a182c05d5d43ab1779264f8456f515ce57dfdf512d5493dab7b7338dc4b7d78db9c091ac3baf537a69fc7f549d979f0eff9a94fda4169bd4d1d19a69c99e33c3b55490d501b39b1edae118ff6793a153261584d3a5f39f6e682e3d17c8cd1261fa72
- Output=f735fd55ba92592c3b52b8f9c4f69aaa1cbef8fe88add095595412467f9cf4ec0b896c59eda16210e7549c8abb10cdbc21a12ec9b6b5b8fd2f10399eb6
-
-+Availablein = default
- Decrypt=RSA-OAEP-9
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=93ac9f0671ec29acbb444effc1a5741351d60fdb0e393fbf754acf0de49761a14841df7772e9bc82773966a1584c4d72baea00118f83f35cca6e537cbd4d811f5583b29783d8a6d94cd31be70d6f526c10ff09c6fa7ce069795a3fcd0511fd5fcb564bcc80ea9c78f38b80012539d8a4ddf6fe81e9cddb7f50dbbbbcc7e5d86097ccf4ec49189fb8bf318be6d5a0715d516b49af191258cd32dc833ce6eb4673c03a19bbace88cc54895f636cc0c1ec89096d11ce235a265ca1764232a689ae8
- Output=81b906605015a63aabe42ddf11e1978912f5404c7474b26dce3ed482bf961ecc818bf420c54659
-
-+Availablein = default
- Decrypt=RSA-OAEP-9
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=81ebdd95054b0c822ef9ad7693f5a87adfb4b4c4ce70df2df84ed49c04da58ba5fc20a19e1a6e8b7a3900b22796dc4e869ee6b42792d15a8eceb56c09c69914e813cea8f6931e4b8ed6f421af298d595c97f4789c7caa612c7ef360984c21b93edc5401068b5af4c78a8771b984d53b8ea8adf2f6a7d4a0ba76c75e1dd9f658f20ded4a46071d46d7791b56803d8fea7f0b0f8e41ae3f09383a6f9585fe7753eaaffd2bf94563108beecc207bbb535f5fcc705f0dde9f708c62f49a9c90371d3
- Output=fd326429df9b890e09b54b18b8f34f1e24
-
-+Availablein = default
- Decrypt=RSA-OAEP-9
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=bcc35f94cde66cb1136625d625b94432a35b22f3d2fa11a613ff0fca5bd57f87b902ccdc1cd0aebcb0715ee869d1d1fe395f6793003f5eca465059c88660d446ff5f0818552022557e38c08a67ead991262254f10682975ec56397768537f4977af6d5f6aaceb7fb25dec5937230231fd8978af49119a29f29e424ab8272b47562792d5c94f774b8829d0b0d9f1a8c9eddf37574d5fa248eefa9c5271fc5ec2579c81bdd61b410fa61fe36e424221c113addb275664c801d34ca8c6351e4a858
- Output=f1459b5f0c92f01a0f723a2e5662484d8f8c0a20fc29dad6acd43bb5f3effdf4e1b63e07fdfe6628d0d74ca19bf2d69e4a0abf86d293925a796772f8088e
-
-+Availablein = default
- Decrypt=RSA-OAEP-9
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
- Input=232afbc927fa08c2f6a27b87d4a5cb09c07dc26fae73d73a90558839f4fd66d281b87ec734bce237ba166698ed829106a7de6942cd6cdce78fed8d2e4d81428e66490d036264cef92af941d3e35055fe3981e14d29cbb9a4f67473063baec79a1179f5a17c9c1832f2838fd7d5e59bb9659d56dce8a019edef1bb3accc697cc6cc7a778f60a064c7f6f5d529c6210262e003de583e81e3167b89971fb8c0e15d44fffef89b53d8d64dd797d159b56d2b08ea5307ea12c241bd58d4ee278a1f2e
- Output=53e6e8c729d6f9c319dd317e74b0db8e4ccca25f3c8305746e137ac63a63ef3739e7b595abb96e8d55e54f7bd41ab433378ffb911d
-
-+Availablein = default
- Decrypt=RSA-OAEP-9
- Ctrl = rsa_padding_mode:oaep
- Ctrl = rsa_mgf1_md:sha1
-diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 4e368c730b..879d5d76eb 100644
---- a/test/recipes/80-test_cms.t
-+++ b/test/recipes/80-test_cms.t
-@@ -235,7 +235,7 @@ my @smime_pkcs7_tests = (
- \&final_compare
- ],
-
-- [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
-+ [ "enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients, no Red Hat FIPS",
- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
- "-aes256", "-stream", "-out", "{output}.cms",
- $smrsa1,
-@@ -1118,6 +1118,9 @@ sub check_availability {
- return "$tnam: skipped, DSA disabled\n"
- if ($no_dsa && $tnam =~ / DSA/);
-
-+ return "$tnam: skipped, Red Hat FIPS\n"
-+ if ($tnam =~ /no Red Hat FIPS/);
-+
- return "";
- }
-
-diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
-index e2dcb68fb5..0775112b40 100644
---- a/test/recipes/80-test_ssl_old.t
-+++ b/test/recipes/80-test_ssl_old.t
-@@ -493,6 +493,18 @@ sub testssl {
- # the default choice if TLSv1.3 enabled
- my $flag = $protocol eq "-tls1_3" ? "" : $protocol;
- my $ciphersuites = "";
-+ my %redhat_skip_cipher = map {$_ => 1} qw(
-+AES256-GCM-SHA384:@SECLEVEL=0
-+AES256-CCM8:@SECLEVEL=0
-+AES256-CCM:@SECLEVEL=0
-+AES128-GCM-SHA256:@SECLEVEL=0
-+AES128-CCM8:@SECLEVEL=0
-+AES128-CCM:@SECLEVEL=0
-+AES256-SHA256:@SECLEVEL=0
-+AES128-SHA256:@SECLEVEL=0
-+AES256-SHA:@SECLEVEL=0
-+AES128-SHA:@SECLEVEL=0
-+ );
- foreach my $cipher (@{$ciphersuites{$protocol}}) {
- if ($protocol eq "-ssl3" && $cipher =~ /ECDH/ ) {
- note "*****SKIPPING $protocol $cipher";
-@@ -504,11 +516,16 @@ sub testssl {
- } else {
- $cipher = $cipher.':@SECLEVEL=0';
- }
-- ok(run(test([@ssltest, @exkeys, "-cipher",
-- $cipher,
-- "-ciphersuites", $ciphersuites,
-- $flag || ()])),
-- "Testing $cipher");
-+ if ($provider eq "fips" && exists $redhat_skip_cipher{$cipher}) {
-+ note "*****SKIPPING $cipher in Red Hat FIPS mode";
-+ ok(1);
-+ } else {
-+ ok(run(test([@ssltest, @exkeys, "-cipher",
-+ $cipher,
-+ "-ciphersuites", $ciphersuites,
-+ $flag || ()])),
-+ "Testing $cipher");
-+ }
- }
- }
- next if $protocol eq "-tls1_3";
---
-2.44.0
-
diff --git a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch b/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
deleted file mode 100644
index 9991c5c..0000000
--- a/0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
+++ /dev/null
@@ -1,570 +0,0 @@
-From 5f4f350ce797a7cd2fdca84c474ee196da9d6fae Mon Sep 17 00:00:00 2001
-From: Clemens Lang <cllang@redhat.com>
-Date: Wed, 18 May 2022 17:25:59 +0200
-Subject: [PATCH] Deny SHA-1 signature verification in FIPS provider
-
-For RHEL, we already disable SHA-1 signatures by default in the default
-provider, so it is unexpected that the FIPS provider would have a more
-lenient configuration in this regard. Additionally, we do not think
-continuing to accept SHA-1 signatures is a good idea due to the
-published chosen-prefix collision attacks.
-
-As a consequence, disable verification of SHA-1 signatures in the FIPS
-provider.
-
-This requires adjusting a few tests that would otherwise fail:
-- 30-test_acvp: Remove the test vectors that use SHA-1.
-- 30-test_evp: Mark tests in evppkey_rsa_common.txt and
- evppkey_ecdsa.txt that use SHA-1 digests as "Availablein = default",
- which will not run them when the FIPS provider is enabled.
-- 80-test_cms: Re-create all certificates in test/smime-certificates
- with SHA256 signatures while keeping the same private keys. These
- certificates were signed with SHA-1 and thus fail verification in the
- FIPS provider.
- Fix some other tests by explicitly running them in the default
- provider, where SHA-1 is available.
-- 80-test_ssl_old: Skip tests that rely on SSLv3 and SHA-1 when run with
- the FIPS provider.
-
-Signed-off-by: Clemens Lang <cllang@redhat.com>
----
- providers/implementations/signature/dsa_sig.c | 4 --
- .../implementations/signature/ecdsa_sig.c | 4 --
- providers/implementations/signature/rsa_sig.c | 8 +--
- test/acvp_test.inc | 20 -------
- .../30-test_evp_data/evppkey_ecdsa.txt | 7 +++
- .../30-test_evp_data/evppkey_rsa_common.txt | 51 +++++++++++++++-
- test/recipes/80-test_cms.t | 4 +-
- test/recipes/80-test_ssl_old.t | 4 ++
- test/smime-certs/smdh.pem | 18 +++---
- test/smime-certs/smdsa1.pem | 60 +++++++++----------
- test/smime-certs/smdsa2.pem | 60 +++++++++----------
- test/smime-certs/smdsa3.pem | 60 +++++++++----------
- test/smime-certs/smec1.pem | 30 +++++-----
- test/smime-certs/smec2.pem | 30 +++++-----
- test/smime-certs/smec3.pem | 30 +++++-----
- test/smime-certs/smroot.pem | 38 ++++++------
- test/smime-certs/smrsa1.pem | 38 ++++++------
- test/smime-certs/smrsa2.pem | 38 ++++++------
- test/smime-certs/smrsa3.pem | 38 ++++++------
- 19 files changed, 286 insertions(+), 256 deletions(-)
-
-diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
-index fa3822f39f..c365d7b13a 100644
---- a/providers/implementations/signature/dsa_sig.c
-+++ b/providers/implementations/signature/dsa_sig.c
-@@ -128,11 +128,7 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
- EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid;
- size_t mdname_len = strlen(mdname);
--#ifdef FIPS_MODULE
-- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
--#else
- int sha1_allowed = 0;
--#endif
- md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
- sha1_allowed);
-
-diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
-index 99b228e82c..44a22832ec 100644
---- a/providers/implementations/signature/ecdsa_sig.c
-+++ b/providers/implementations/signature/ecdsa_sig.c
-@@ -237,11 +237,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
- "%s could not be fetched", mdname);
- return 0;
- }
--#ifdef FIPS_MODULE
-- sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
--#else
- sha1_allowed = 0;
--#endif
- md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
- sha1_allowed);
- if (md_nid < 0) {
-diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index f66d7705c3..34f45175e8 100644
---- a/providers/implementations/signature/rsa_sig.c
-+++ b/providers/implementations/signature/rsa_sig.c
-@@ -292,11 +292,7 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
- EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid;
- size_t mdname_len = strlen(mdname);
--#ifdef FIPS_MODULE
-- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
--#else
- int sha1_allowed = 0;
--#endif
- md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
- sha1_allowed);
-
-@@ -1355,8 +1351,10 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
-
- if (prsactx->md == NULL && pmdname == NULL
- && pad_mode == RSA_PKCS1_PSS_PADDING) {
-+#ifdef FIPS_MODULE
-+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
-+#else
- pmdname = RSA_DEFAULT_DIGEST_NAME;
--#ifndef FIPS_MODULE
- if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
- pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
- }
-diff --git a/test/acvp_test.inc b/test/acvp_test.inc
-index ad11d3ae1e..73b24bdb0c 100644
---- a/test/acvp_test.inc
-+++ b/test/acvp_test.inc
-@@ -1841,17 +1841,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = {
- NO_PSS_SALT_LEN,
- FAIL
- },
-- {
-- "x931",
-- 3072,
-- "SHA1",
-- ITM(rsa_sigverx931_0_msg),
-- ITM(rsa_sigverx931_0_n),
-- ITM(rsa_sigverx931_0_e),
-- ITM(rsa_sigverx931_0_sig),
-- NO_PSS_SALT_LEN,
-- PASS
-- },
- {
- "x931",
- 3072,
-diff --git a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
-index f36982845d..51e507a61c 100644
---- a/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
-+++ b/test/recipes/30-test_evp_data/evppkey_ecdsa.txt
-@@ -37,12 +37,14 @@ PrivPubKeyPair = P-256:P-256-PUBLIC
-
- Title = ECDSA tests
-
-+Availablein = default
- Verify = P-256
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1234"
- Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec8
-
- # Digest too long
-+Availablein = default
- Verify = P-256
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF12345"
-@@ -50,6 +52,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e
- Result = VERIFY_ERROR
-
- # Digest too short
-+Availablein = default
- Verify = P-256
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF123"
-@@ -57,6 +60,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e
- Result = VERIFY_ERROR
-
- # Digest invalid
-+Availablein = default
- Verify = P-256
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1235"
-@@ -64,6 +68,7 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e
- Result = VERIFY_ERROR
-
- # Invalid signature
-+Availablein = default
- Verify = P-256
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1234"
-@@ -79,12 +84,14 @@ Output = 3045022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e
- Result = VERIFY_ERROR
-
- # BER signature
-+Availablein = default
- Verify = P-256
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1234"
- Output = 3080022100b1d1cb1a577035bccdd5a86c6148c2cc7c633cd42b7234139b593076d041e15202201898cdd52b41ca502098184b409cf83a21bc945006746e3b7cea52234e043ec80000
- Result = VERIFY_ERROR
-
-+Availablein = default
- Verify = P-256-PUBLIC
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1234"
-diff --git a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
-index b8d8bb2993..8dd566067b 100644
---- a/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
-+++ b/test/recipes/30-test_evp_data/evppkey_rsa_common.txt
-@@ -96,6 +96,7 @@ NDL6WCBbets=
-
- Title = RSA tests
-
-+Availablein = default
- Verify = RSA-2048
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1234"
-@@ -112,24 +113,28 @@ Ctrl = digest:SHA512-224
- Input = "0123456789ABCDEF123456789ABC"
- Output = 5f720e9488139bb21e1c2f027fd5ce5993e6d31c5a8faaee833487b3a944d66891178868ace8070cad3ee2ffbe54aa4885a15fd1a7cc5166970fe1fd8c0423e72bd3e3b56fc4a53ed80aaaeca42497f0ec3c62113edc05cd006608f5eef7ce3ad4cba1069f68731dd28a524a1f93fcdc5547112d48d45586dd943ba0d443be9635720d8a61697c54c96627f0d85c5fbeaa3b4af86a65cf2fc3800dd5de34c046985f25d0efc0bb6edccc1d08b3a4fb9c8faffe181c7e68b31e374ad1440a4a664eec9ca0dc53a9d2f5bc7d9940d866f64201bcbc63612754df45727ea24b531d7de83d1bb707444859fa35521320c33bf6f4dbeb6fb56e653adbf7af15843f17
-
-+Availablein = default
- VerifyRecover = RSA-2048
- Ctrl = digest:SHA1
- Input = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
- Output = "0123456789ABCDEF1234"
-
- # Leading zero in the signature
-+Availablein = default
- Verify = RSA-2048
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1234"
- Output = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
- Result = VERIFY_ERROR
-
-+Availablein = default
- VerifyRecover = RSA-2048
- Ctrl = digest:SHA1
- Input = 00c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2eaee6cd60089a52482d4809a238149520df3bdde4cb9e23d9307b05c0a6f327052325a29adf2cc95b66523be7024e2a585c3d4db15dfbe146efe0ecdc0402e33fe5d40324ee96c5c3edd374a15cdc0f5d84aa243c0f07e188c6518fbfceae158a9943be398e31097da81b62074f626eff738be6160741d5a26957a482b3251fd85d8df78b98148459de10aa93305dbb4a5230aa1da291a9b0e481918f99b7638d72bb687f97661d304ae145d64a474437a4ef39d7b8059332ddeb07e92bf6e0e3acaf8afedc93795e4511737ec1e7aab6d5bc9466afc950c1c17b48ad
- Result = KEYOP_ERROR
-
- # Mismatched digest
-+Availablein = default
- Verify = RSA-2048
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1233"
-@@ -137,6 +142,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2
- Result = VERIFY_ERROR
-
- # Corrupted signature
-+Availablein = default
- Verify = RSA-2048
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1233"
-@@ -144,6 +150,7 @@ Output = c09d402423cbf233d26cae21f954547bc43fe80fd41360a0336cfdbe9aedad05bef6fd2
- Result = VERIFY_ERROR
-
- # parameter is not NULLt
-+Availablein = default
- Verify = RSA-2048
- Ctrl = digest:sha1
- Input = "0123456789ABCDEF1234"
-@@ -151,42 +158,49 @@ Output = 3ec3fc29eb6e122bd7aa361cd09fe1bcbe85311096a7b9e4799cedfb2351ce0ab7fe4e7
- Result = VERIFY_ERROR
-
- # embedded digest too long
-+Availablein = default
- Verify = RSA-2048
- Ctrl = digest:sha1
- Input = "0123456789ABCDEF1234"
- Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
- Result = VERIFY_ERROR
-
-+Availablein = default
- VerifyRecover = RSA-2048
- Ctrl = digest:sha1
- Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
- Result = KEYOP_ERROR
-
- # embedded digest too short
-+Availablein = default
- Verify = RSA-2048
- Ctrl = digest:sha1
- Input = "0123456789ABCDEF1234"
- Output = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
- Result = VERIFY_ERROR
-
-+Availablein = default
- VerifyRecover = RSA-2048
- Ctrl = digest:sha1
- Input = afec9a0d5330a08f54283bb4a9d4e7e7e70fc1342336c4c766fba713f66970151c6e27413c48c33864ea45a0238787004f338ed3e21b53b0fe9c1151c42c388cbc7cba5a06b706c407a5b48324fbe994dc7afc3a19fb3d2841e66222596c14cd72a0f0a7455a019d8eb554f59c0183f9552b75aa96fee8bf935945e079ca283d2bd3534a86f11351f6d6181fbf433e5b01a6d1422145c7a72214d3aacdd5d3af12b2d6bf6438f9f9a64010d8aeed801c87f0859412b236150b86a545f7239be022f4a7ad246b59df87514294cb4a4c7c5a997ee53c66054d9f38ca4e76c1f7af83c30f737ef70f83a45aebe18238ddb95e1998814ca4fc72388f1533147c169d
- Result = KEYOP_ERROR
-
- # Garbage after DigestInfo
-+Availablein = default
- Verify = RSA-2048
- Ctrl = digest:sha1
- Input = "0123456789ABCDEF1234"
- Output = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274
- Result = VERIFY_ERROR
-
-+Availablein = default
- VerifyRecover = RSA-2048
- Ctrl = digest:sha1
- Input = 9ee34872d4271a7d8808af0a4052a145a6d6a8437d00da3ed14428c7f087cd39f4d43334c41af63e7fa1ba363fee7bcef401d9d36a662abbab55ce89a696e1be0dfa19a5d09ca617dd488787b6048baaefeb29bc8688b2fe3882de2b77c905b5a8b56cf9616041e5ec934ba6de863efe93acc4eef783fe7f72a00fa65d6093ed32bf98ce527e62ccb1d56317f4be18b7e0f55d7c36617d2d0678a306e3350956b662ac15df45215dd8f6b314babb9788e6c272fa461e4c9b512a11a4b92bc77c3a4c95c903fccb238794eca5c750477bf56ea6ee6a167367d881b485ae3889e7c489af8fdf38e0c0f2aed780831182e34abedd43c39281b290774bf35cc25274
- Result = KEYOP_ERROR
-
- # invalid tag for parameter
-+Availablein = default
- Verify = RSA-2048
- Ctrl = digest:sha1
- Input = "0123456789ABCDEF1234"
-@@ -195,6 +209,7 @@ Result = VERIFY_ERROR
-
- # Verify using public key
-
-+Availablein = default
- Verify = RSA-2048-PUBLIC
- Ctrl = digest:SHA1
- Input = "0123456789ABCDEF1234"
-@@ -370,6 +385,8 @@ Input="0123456789ABCDEF0123456789ABCDEF"
- Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DDD0635A96B28F854E50145518482CB49E963054621B53C60C498D07C16E9C2789C893CF38D4D86900DE71BDE463BD2761D1271E358C7480A1AC0BAB930DDF39602AD1BC165B5D7436B516B7A7858E8EB7AB1C420EEB482F4D207F0E462B1724959320A084E13848D11D10FB593E66BF680BF6D3F345FC3E9C3DE60ABBAC37E1C6EC80A268C8D9FC49626C679097AA690BC1AA662B95EB8DB70390861AA0898229F9349B4B5FDD030D4928C47084708A933144BE23BD3C6E661B85B2C0EF9ED36D498D5B7320E8194D363D4AD478C059BAE804181965E0B81B663158A
-
- # Verify using salt length auto detect
-+# In the FIPS provider on RHEL-9, the default digest for PSS signatures is SHA-256
-+Availablein = default
- Verify = RSA-2048-PUBLIC
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_pss_saltlen:auto
-@@ -404,6 +421,10 @@ Output=4DE433D5844043EF08D354DA03CB29068780D52706D7D1E4D50EFB7D58C9D547D83A747DD
- Result = VERIFY_ERROR
-
- # Verify using default parameters, explicitly setting parameters
-+# NOTE: RSA-PSS-DEFAULT contains a restriction to use SHA1 as digest, which
-+# RHEL-9 does not support in FIPS mode; all these tests are thus marked
-+# Availablein = default.
-+Availablein = default
- Verify = RSA-PSS-DEFAULT
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_pss_saltlen:20
-@@ -412,6 +433,7 @@ Input="0123456789ABCDEF0123"
- Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF
-
- # Verify explicitly setting parameters "digest" salt length
-+Availablein = default
- Verify = RSA-PSS-DEFAULT
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_pss_saltlen:digest
-@@ -420,18 +442,21 @@ Input="0123456789ABCDEF0123"
- Output = 3EFE09D88509027D837BFA5F8471CF7B69E6DF395DD999BB9CA42021F15722D9AC76670507C6BCFB73F64FB2211B611B8F140E76EBDB064BD762FDBA89D019E304A0D6B274E1C2FE1DF50005598A0306AF805416094E2A5BA60BC72BDE38CE061E853ED40F14967A8B9CA4DC739B462F89558F12FDF2D8D19FBEF16AD66FE2DDDA8BEE983ECBD873064244849D8D94B5B33F45E076871A47ED653E73257A2BE2DB3C0878094B0D2B6B682C8007DFD989425FB39A1FEEC9EED5876414601A49176EC344F5E3EDEE81CA2DDD29B7364F4638112CB3A547E2BC170E28CB66BDABE863754BE8AD5BA230567B575266F4B6B4CF81F28310ABF05351CC9E2DB85D00BF
-
- # Verify using salt length larger than minimum
-+Availablein = default
- Verify = RSA-PSS-DEFAULT
- Ctrl = rsa_pss_saltlen:30
- Input="0123456789ABCDEF0123"
- Output = 6BF7EDC63A0BA184EEEC7F3020FEC8F5EBF38C2B76481881F48BCCE5796E7AB294548BA9AE810457C7723CABD1BDE94CF59CF7C0FC7461B22760C8ED703DD98E97BFDD61FA8D1181C411F6DEE5FF159F4850746D78EDEE385A363DC28E2CB373D5CAD7953F3BD5E639BE345732C03A1BDEA268814DA036EB1891C82D4012F3B903D86636055F87B96FC98806AD1B217685A4D754046A5DE0B0D7870664BE07902153EC85BA457BE7D7F89D7FE0F626D02A9CBBB2BB479DDA1A5CAE75247FB7BF6BFB15C1D3FD9E6B1573CCDBC72011C3B97716058BB11C7EA2E4E56ADAFE1F5DE6A7FD405AC5890100F9C3408EFFB5C73BF73F48177FF743B4B819D0699D507B
-
- # Verify using maximum salt length
-+Availablein = default
- Verify = RSA-PSS-DEFAULT
- Ctrl = rsa_pss_saltlen:max
- Input="0123456789ABCDEF0123"
- Output = 4470DCFE812DEE2E58E4301D4ED274AB348FE040B724B2CD1D8CD0914BFF375F0B86FCB32BFA8AEA9BD22BD7C4F1ADD4F3D215A5CFCC99055BAFECFC23800E9BECE19A08C66BEBC5802122D13A732E5958FC228DCC0B49B5B4B1154F032D8FA2F3564AA949C1310CC9266B0C47F86D449AC9D2E7678347E7266E2D7C888CCE1ADF44A109A293F8516AE2BD94CE220F26E137DB8E7A66BB9FCE052CDC1D0BE24D8CEBB20D10125F26B069F117044B9E1D16FDDAABCA5340AE1702F37D0E1C08A2E93801C0A41035C6C73DA02A0E32227EAFB0B85E79107B59650D0EE7DC32A6772CCCE90F06369B2880FE87ED76997BA61F5EA818091EE88F8B0D6F24D02A3FC6
-
- # Attempt to change salt length below minimum
-+Availablein = default
- Verify = RSA-PSS-DEFAULT
- Ctrl = rsa_pss_saltlen:0
- Result = PKEY_CTRL_ERROR
-@@ -439,21 +464,25 @@ Result = PKEY_CTRL_ERROR
- # Attempt to change padding mode
- # Note this used to return PKEY_CTRL_INVALID
- # but it is limited because setparams only returns 0 or 1.
-+Availablein = default
- Verify = RSA-PSS-DEFAULT
- Ctrl = rsa_padding_mode:pkcs1
- Result = PKEY_CTRL_ERROR
-
- # Attempt to change digest
-+Availablein = default
- Verify = RSA-PSS-DEFAULT
- Ctrl = digest:sha256
- Result = PKEY_CTRL_ERROR
-
- # Invalid key: rejected when we try to init
-+Availablein = default
- Verify = RSA-PSS-BAD
- Result = KEYOP_INIT_ERROR
- Reason = invalid salt length
-
- # Invalid key: rejected when we try to init
-+Availablein = default
- Verify = RSA-PSS-BAD2
- Result = KEYOP_INIT_ERROR
- Reason = invalid salt length
-@@ -472,36 +501,42 @@ CAltWyuLbfXWce9jd8CSHLI8Jwpw4lmOb/idGfEFrMLT8Ms18pKA4Thrb2TE7yLh
- 4fINDOjP+yJJvZohNwIDAQAB
- -----END PUBLIC KEY-----
-
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=cd8b6538cb8e8de566b68bd067569dbf1ee2718e
- Output=9074308fb598e9701b2294388e52f971faac2b60a5145af185df5287b5ed2887e57ce7fd44dc8634e407c8e0e4360bc226f3ec227f9d9e54638e8d31f5051215df6ebb9c2f9579aa77598a38f914b5b9c1bd83c4e2f9f382a0d0aa3542ffee65984a601bc69eb28deb27dca12c82c2d4c3f66cd500f1ff2b994d8a4e30cbb33c
-
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=e35befc17a1d160b9ce35fbd8eb16e7ee491d3fd
- Output=3ef7f46e831bf92b32274142a585ffcefbdca7b32ae90d10fb0f0c729984f04ef29a9df0780775ce43739b97838390db0a5505e63de927028d9d29b219ca2c4517832558a55d694a6d25b9dab66003c4cccd907802193be5170d26147d37b93590241be51c25055f47ef62752cfbe21418fafe98c22c4d4d47724fdb5669e843
-
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=0652ec67bcee30f9d2699122b91c19abdba89f91
- Output=666026fba71bd3e7cf13157cc2c51a8e4aa684af9778f91849f34335d141c00154c4197621f9624a675b5abc22ee7d5baaffaae1c9baca2cc373b3f33e78e6143c395a91aa7faca664eb733afd14d8827259d99a7550faca501ef2b04e33c23aa51f4b9e8282efdb728cc0ab09405a91607c6369961bc8270d2d4f39fce612b1
-
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=39c21c4cceda9c1adf839c744e1212a6437575ec
- Output=4609793b23e9d09362dc21bb47da0b4f3a7622649a47d464019b9aeafe53359c178c91cd58ba6bcb78be0346a7bc637f4b873d4bab38ee661f199634c547a1ad8442e03da015b136e543f7ab07c0c13e4225b8de8cce25d4f6eb8400f81f7e1833b7ee6e334d370964ca79fdb872b4d75223b5eeb08101591fb532d155a6de87
-
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=36dae913b77bd17cae6e7b09453d24544cebb33c
- Output=1d2aad221ca4d31ddf13509239019398e3d14b32dc34dc5af4aeaea3c095af73479cf0a45e5629635a53a018377615b16cb9b13b3e09d671eb71e387b8545c5960da5a64776e768e82b2c93583bf104c3fdb23512b7b4e89f633dd0063a530db4524b01c3f384c09310e315a79dcd3d684022a7f31c865a664e316978b759fad
-
-+Availablein = default
- Verify=RSA-PSS-1
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
-@@ -517,36 +552,42 @@ swU7R97S7NSkyu/WFIM9yLtiLzF+0Ha4BX/o3j+ESArV6D5KYZBKTySPs5cCc1fh
- 0w5GMTmBXG/U/VrFuBcqRSMOy2MYoE8UVdhOWosCAwEAAQ==
- -----END PUBLIC KEY-----
-
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=2715a49b8b0012cd7aee84c116446e6dfe3faec0
- Output=586107226c3ce013a7c8f04d1a6a2959bb4b8e205ba43a27b50f124111bc35ef589b039f5932187cb696d7d9a32c0c38300a5cdda4834b62d2eb240af33f79d13dfbf095bf599e0d9686948c1964747b67e89c9aba5cd85016236f566cc5802cb13ead51bc7ca6bef3b94dcbdbb1d570469771df0e00b1a8a06777472d2316279edae86474668d4e1efff95f1de61c6020da32ae92bbf16520fef3cf4d88f61121f24bbd9fe91b59caf1235b2a93ff81fc403addf4ebdea84934a9cdaf8e1a9e
-
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=2dac956d53964748ac364d06595827c6b4f143cd
- Output=80b6d643255209f0a456763897ac9ed259d459b49c2887e5882ecb4434cfd66dd7e1699375381e51cd7f554f2c271704b399d42b4be2540a0eca61951f55267f7c2878c122842dadb28b01bd5f8c025f7e228418a673c03d6bc0c736d0a29546bd67f786d9d692ccea778d71d98c2063b7a71092187a4d35af108111d83e83eae46c46aa34277e06044589903788f1d5e7cee25fb485e92949118814d6f2c3ee361489016f327fb5bc517eb50470bffa1afa5f4ce9aa0ce5b8ee19bf5501b958
-
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=28d98c46cccafbd3bc04e72f967a54bd3ea12298
- Output=484408f3898cd5f53483f80819efbf2708c34d27a8b2a6fae8b322f9240237f981817aca1846f1084daa6d7c0795f6e5bf1af59c38e1858437ce1f7ec419b98c8736adf6dd9a00b1806d2bd3ad0a73775e05f52dfef3a59ab4b08143f0df05cd1ad9d04bececa6daa4a2129803e200cbc77787caf4c1d0663a6c5987b605952019782caf2ec1426d68fb94ed1d4be816a7ed081b77e6ab330b3ffc073820fecde3727fcbe295ee61a050a343658637c3fd659cfb63736de32d9f90d3c2f63eca
-
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=0866d2ff5a79f25ef668cd6f31b42dee421e4c0e
- Output=84ebeb481be59845b46468bafb471c0112e02b235d84b5d911cbd1926ee5074ae0424495cb20e82308b8ebb65f419a03fb40e72b78981d88aad143053685172c97b29c8b7bf0ae73b5b2263c403da0ed2f80ff7450af7828eb8b86f0028bd2a8b176a4d228cccea18394f238b09ff758cc00bc04301152355742f282b54e663a919e709d8da24ade5500a7b9aa50226e0ca52923e6c2d860ec50ff480fa57477e82b0565f4379f79c772d5c2da80af9fbf325ece6fc20b00961614bee89a183e
-
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=6a5b4be4cd36cc97dfde9995efbf8f097a4a991a
- Output=82102df8cb91e7179919a04d26d335d64fbc2f872c44833943241de8454810274cdf3db5f42d423db152af7135f701420e39b494a67cbfd19f9119da233a23da5c6439b5ba0d2bc373eee3507001378d4a4073856b7fe2aba0b5ee93b27f4afec7d4d120921c83f606765b02c19e4d6a1a3b95fa4c422951be4f52131077ef17179729cddfbdb56950dbaceefe78cb16640a099ea56d24389eef10f8fecb31ba3ea3b227c0a86698bb89e3e9363905bf22777b2a3aa521b65b4cef76d83bde4c
-
-+Availablein = default
- Verify=RSA-PSS-9
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
-@@ -564,36 +605,42 @@ F7jfF3jbOB3OCctK0FilEQAac4GY7ifPVaE7dUU5kGWC7IsXS9WNXR89dnxhNyGu
- BQIDAQAB
- -----END PUBLIC KEY-----
-
-+Availablein = default
- Verify=RSA-PSS-10
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=9596bb630cf6a8d4ea4600422b9eba8b13675dd4
- Output=82c2b160093b8aa3c0f7522b19f87354066c77847abf2a9fce542d0e84e920c5afb49ffdfdace16560ee94a1369601148ebad7a0e151cf16331791a5727d05f21e74e7eb811440206935d744765a15e79f015cb66c532c87a6a05961c8bfad741a9a6657022894393e7223739796c02a77455d0f555b0ec01ddf259b6207fd0fd57614cef1a5573baaff4ec00069951659b85f24300a25160ca8522dc6e6727e57d019d7e63629b8fe5e89e25cc15beb3a647577559299280b9b28f79b0409000be25bbd96408ba3b43cc486184dd1c8e62553fa1af4040f60663de7f5e49c04388e257f1ce89c95dab48a315d9b66b1b7628233876ff2385230d070d07e1666
-
-+Availablein = default
- Verify=RSA-PSS-10
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=b503319399277fd6c1c8f1033cbf04199ea21716
- Output=14ae35d9dd06ba92f7f3b897978aed7cd4bf5ff0b585a40bd46ce1b42cd2703053bb9044d64e813d8f96db2dd7007d10118f6f8f8496097ad75e1ff692341b2892ad55a633a1c55e7f0a0ad59a0e203a5b8278aec54dd8622e2831d87174f8caff43ee6c46445345d84a59659bfb92ecd4c818668695f34706f66828a89959637f2bf3e3251c24bdba4d4b7649da0022218b119c84e79a6527ec5b8a5f861c159952e23ec05e1e717346faefe8b1686825bd2b262fb2531066c0de09acde2e4231690728b5d85e115a2f6b92b79c25abc9bd9399ff8bcf825a52ea1f56ea76dd26f43baafa18bfa92a504cbd35699e26d1dcc5a2887385f3c63232f06f3244c3
-
-+Availablein = default
- Verify=RSA-PSS-10
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=50aaede8536b2c307208b275a67ae2df196c7628
- Output=6e3e4d7b6b15d2fb46013b8900aa5bbb3939cf2c095717987042026ee62c74c54cffd5d7d57efbbf950a0f5c574fa09d3fc1c9f513b05b4ff50dd8df7edfa20102854c35e592180119a70ce5b085182aa02d9ea2aa90d1df03f2daae885ba2f5d05afdac97476f06b93b5bc94a1a80aa9116c4d615f333b098892b25fface266f5db5a5a3bcc10a824ed55aad35b727834fb8c07da28fcf416a5d9b2224f1f8b442b36f91e456fdea2d7cfe3367268de0307a4c74e924159ed33393d5e0655531c77327b89821bdedf880161c78cd4196b5419f7acc3f13e5ebf161b6e7c6724716ca33b85c2e25640192ac2859651d50bde7eb976e51cec828b98b6563b86bb
-
-+Availablein = default
- Verify=RSA-PSS-10
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=aa0b72b8b371ddd10c8ae474425ccccf8842a294
- Output=34047ff96c4dc0dc90b2d4ff59a1a361a4754b255d2ee0af7d8bf87c9bc9e7ddeede33934c63ca1c0e3d262cb145ef932a1f2c0a997aa6a34f8eaee7477d82ccf09095a6b8acad38d4eec9fb7eab7ad02da1d11d8e54c1825e55bf58c2a23234b902be124f9e9038a8f68fa45dab72f66e0945bf1d8bacc9044c6f07098c9fcec58a3aab100c805178155f030a124c450e5acbda47d0e4f10b80a23f803e774d023b0015c20b9f9bbe7c91296338d5ecb471cafb032007b67a60be5f69504a9f01abb3cb467b260e2bce860be8d95bf92c0c8e1496ed1e528593a4abb6df462dde8a0968dffe4683116857a232f5ebf6c85be238745ad0f38f767a5fdbf486fb
-
-+Availablein = default
- Verify=RSA-PSS-10
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
- Input=fad3902c9750622a2bc672622c48270cc57d3ea8
- Output=7e0935ea18f4d6c1d17ce82eb2b3836c55b384589ce19dfe743363ac9948d1f346b7bfddfe92efd78adb21faefc89ade42b10f374003fe122e67429a1cb8cbd1f8d9014564c44d120116f4990f1a6e38774c194bd1b8213286b077b0499d2e7b3f434ab12289c556684deed78131934bb3dd6537236f7c6f3dcb09d476be07721e37e1ceed9b2f7b406887bd53157305e1c8b4f84d733bc1e186fe06cc59b6edb8f4bd7ffefdf4f7ba9cfb9d570689b5a1a4109a746a690893db3799255a0cb9215d2d1cd490590e952e8c8786aa0011265252470c041dfbc3eec7c3cbf71c24869d115c0cb4a956f56d530b80ab589acfefc690751ddf36e8d383f83cedd2cc
-
-+Availablein = default
- Verify=RSA-PSS-10
- Ctrl = rsa_padding_mode:pss
- Ctrl = rsa_mgf1_md:sha1
-@@ -1329,11 +1376,13 @@ Title = RSA FIPS tests
-
- # FIPS tests
-
--# Verifying with SHA1 is permitted in fips mode for older applications
-+# Verifying with SHA1 is not permitted on RHEL-9 in FIPS mode
-+Availablein = fips
- DigestVerify = SHA1
- Key = RSA-2048
- Input = "Hello "
- Output = 87ea0e2226ef35e5a2aec9ca1222fcbe39ba723f05b3203564f671dd3601271806ead3240e61d424359ee3b17bd3e32f54b82df83998a8ac4148410710361de0400f9ddf98278618fbc87747a0531972543e6e5f18ab2fdfbfda02952f6ac69690e43864690af271bf43d4be9705b303d4ff994ab3abd4d5851562b73e59be3edc01cec41a4cc13b68206329bad1a46c6608d3609e951faa321d0fdbc765d54e9a7c59248d2f67913c9903e932b769c9c8a45520cabea06e8c0b231dd3bcc7f7ec55b46b0157ccb5fc5011fa57353cd3df32edcbadcb8d168133cbd0acfb64444cb040e1298f621508a38f79e14ae8c2c5c857f90aa9d24ef5fc07d34bf23859
-+Result = DIGESTVERIFYINIT_ERROR
-
- # Verifying with a 1024 bit key is permitted in fips mode for older applications
- DigestVerify = SHA256
-diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 48a92f735d..34afe91b88 100644
---- a/test/recipes/80-test_cms.t
-+++ b/test/recipes/80-test_cms.t
-@@ -162,7 +162,7 @@ my @smime_pkcs7_tests = (
- [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont, "-md", "sha1",
- "-certfile", $smroot,
- "-signer", $smrsa1, "-out", "{output}.cms" ],
-- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
-+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
- "-CAfile", $smroot, "-out", "{output}.txt" ],
- \&final_compare
- ],
-@@ -170,7 +170,7 @@ my @smime_pkcs7_tests = (
- [ "signed zero-length content S/MIME format, RSA key SHA1",
- [ "{cmd1}", @defaultprov, "-sign", "-in", $smcont_zero, "-md", "sha1",
- "-certfile", $smroot, "-signer", $smrsa1, "-out", "{output}.cms" ],
-- [ "{cmd2}", @prov, "-verify", "-in", "{output}.cms",
-+ [ "{cmd2}", @defaultprov, "-verify", "-in", "{output}.cms",
- "-CAfile", $smroot, "-out", "{output}.txt" ],
- \&zero_compare
- ],
-diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
-index 8c52b637fc..ff75c5b6ec 100644
---- a/test/recipes/80-test_ssl_old.t
-+++ b/test/recipes/80-test_ssl_old.t
-@@ -394,6 +394,9 @@ sub testssl {
- 'test sslv2/sslv3 with 1024bit DHE via BIO pair');
- }
-
-+ SKIP: {
-+ skip "SSLv3 is not supported by the FIPS provider", 4
-+ if $provider eq "fips";
- ok(run(test([@ssltest, "-bio_pair", "-server_auth", @CA])),
- 'test sslv2/sslv3 with server authentication');
- ok(run(test([@ssltest, "-bio_pair", "-client_auth", @CA])),
-@@ -402,6 +405,7 @@ sub testssl {
- 'test sslv2/sslv3 with both client and server authentication via BIO pair');
- ok(run(test([@ssltest, "-bio_pair", "-server_auth", "-client_auth", "-app_verify", @CA])),
- 'test sslv2/sslv3 with both client and server authentication via BIO pair and app verify');
-+ }
-
- SKIP: {
- skip "No IPv4 available on this machine", 4
diff --git a/0062-fips-Expose-a-FIPS-indicator.patch b/0062-fips-Expose-a-FIPS-indicator.patch
deleted file mode 100644
index f1ad59d..0000000
--- a/0062-fips-Expose-a-FIPS-indicator.patch
+++ /dev/null
@@ -1,466 +0,0 @@
-From e3d6fca1af033d00c47bcd8f9ba28fcf1aa476aa Mon Sep 17 00:00:00 2001
-From: Clemens Lang <cllang@redhat.com>
-Date: Tue, 7 Jun 2022 12:02:49 +0200
-Subject: [PATCH] fips: Expose a FIPS indicator
-
-FIPS 140-3 requires us to indicate whether an operation was using
-approved services or not. The FIPS 140-3 implementation guidelines
-provide two basic approaches to doing this: implicit indicators, and
-explicit indicators.
-
-Implicit indicators are basically the concept of "if the operation
-passes, it was approved". We were originally aiming for implicit
-indicators in our copy of OpenSSL. However, this proved to be a problem,
-because we wanted to certify a signature service, and FIPS 140-3
-requires that a signature service computes the digest to be signed
-within the boundaries of the FIPS module. Since we were planning to
-certify fips.so only, this means that EVP_PKEY_sign/EVP_PKEY_verify
-would have to be blocked. Unfortunately, EVP_SignFinal uses
-EVP_PKEY_sign internally, but outside of fips.so and thus outside of the
-FIPS module boundary. This means that using implicit indicators in
-combination with certifying only fips.so would require us to block both
-EVP_PKEY_sign and EVP_SignFinal, which are the two APIs currently used
-by most users of OpenSSL for signatures.
-
-EVP_DigestSign would be acceptable, but has only been added in 3.0 and
-is thus not yet widely used.
-
-As a consequence, we've decided to introduce explicit indicators so that
-EVP_PKEY_sign and EVP_SignFinal can continue to work for now, but
-FIPS-aware applications can query the explicit indicator to check
-whether the operation was approved.
-
-To avoid affecting the ABI and public API too much, this is implemented
-as an exported symbol in fips.so and a private header, so applications
-that wish to use this will have to dlopen(3) fips.so, locate the
-function using dlsym(3), and then call it. These applications will have
-to build against the private header in order to use the returned
-pointer.
-
-Modify util/mkdef.pl to support exposing a symbol only for a specific
-provider identified by its name and path.
-
-Signed-off-by: Clemens Lang <cllang@redhat.com>
----
- doc/build.info | 6 ++
- doc/man7/fips_module_indicators.pod | 154 ++++++++++++++++++++++++++++
- providers/fips/fipsprov.c | 71 +++++++++++++
- providers/fips/indicator.h | 66 ++++++++++++
- util/mkdef.pl | 25 ++++-
- util/providers.num | 1 +
- 6 files changed, 322 insertions(+), 1 deletion(-)
- create mode 100644 doc/man7/fips_module_indicators.pod
- create mode 100644 providers/fips/indicator.h
-
-diff --git a/doc/build.info b/doc/build.info
-index b0aa4297a4..af235113bb 100644
---- a/doc/build.info
-+++ b/doc/build.info
-@@ -4389,6 +4389,10 @@ DEPEND[html/man7/fips_module.html]=man7/fips_module.pod
- GENERATE[html/man7/fips_module.html]=man7/fips_module.pod
- DEPEND[man/man7/fips_module.7]=man7/fips_module.pod
- GENERATE[man/man7/fips_module.7]=man7/fips_module.pod
-+DEPEND[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
-+GENERATE[html/man7/fips_module_indicators.html]=man7/fips_module_indicators.pod
-+DEPEND[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
-+GENERATE[man/man7/fips_module_indicators.7]=man7/fips_module_indicators.pod
- DEPEND[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
- GENERATE[html/man7/life_cycle-cipher.html]=man7/life_cycle-cipher.pod
- DEPEND[man/man7/life_cycle-cipher.7]=man7/life_cycle-cipher.pod
-@@ -4631,6 +4635,7 @@ html/man7/ct.html \
- html/man7/des_modes.html \
- html/man7/evp.html \
- html/man7/fips_module.html \
-+html/man7/fips_module_indicators.html \
- html/man7/life_cycle-cipher.html \
- html/man7/life_cycle-digest.html \
- html/man7/life_cycle-kdf.html \
-@@ -4754,6 +4759,7 @@ man/man7/ct.7 \
- man/man7/des_modes.7 \
- man/man7/evp.7 \
- man/man7/fips_module.7 \
-+man/man7/fips_module_indicators.7 \
- man/man7/life_cycle-cipher.7 \
- man/man7/life_cycle-digest.7 \
- man/man7/life_cycle-kdf.7 \
-diff --git a/doc/man7/fips_module_indicators.pod b/doc/man7/fips_module_indicators.pod
-new file mode 100644
-index 0000000000..23db2b395c
---- /dev/null
-+++ b/doc/man7/fips_module_indicators.pod
-@@ -0,0 +1,154 @@
-+=pod
-+
-+=head1 NAME
-+
-+fips_module_indicators - Red Hat OpenSSL FIPS module indicators guide
-+
-+=head1 DESCRIPTION
-+
-+This guide documents how the Red Hat Enterprise Linux 9 OpenSSL FIPS provider
-+implements Approved Security Service Indicators according to the FIPS 140-3
-+Implementation Guidelines, section 2.4.C. See
-+L<https://csrc.nist.gov/CSRC/media/Projects/cryptographic-module-validation-program/documents/fips%20140-3/FIPS%20140-3%20IG.pdf>
-+for the FIPS 140-3 Implementation Guidelines.
-+
-+For all approved services except signatures, the Red Hat OpenSSL FIPS provider
-+uses the return code as the indicator as understood by FIPS 140-3. That means
-+that every operation that succeeds denotes use of an approved security service.
-+Operations that do not succeed may not have been approved security services, or
-+may have been used incorrectly.
-+
-+For signatures, an explicit indicator API is available to determine whether
-+a selected operation is an approved security service, in combination with the
-+return code of the operation. For a signature operation to be approved, the
-+explicit indicator must claim it as approved, and it must succeed.
-+
-+=head2 Querying the explicit indicator
-+
-+The Red Hat OpenSSL FIPS provider exports a symbol named
-+I<redhat_ossl_query_fipsindicator> that provides information on which signature
-+operations are approved security functions. To use this function, either link
-+against I<fips.so> directly, or load it at runtime using dlopen(3) and
-+dlsym(3).
-+
-+ #include <openssl/core_dispatch.h>
-+ #include "providers/fips/indicator.h"
-+
-+ void *provider = dlopen("/usr/lib64/ossl-modules/fips.so", RTLD_LAZY);
-+ if (provider == NULL) {
-+ fprintf(stderr, "%s\n", dlerror());
-+ // handle error
-+ }
-+
-+ const OSSL_RH_FIPSINDICATOR_ALORITHM *(*redhat_ossl_query_fipsindicator)(int) \
-+ = dlsym(provider, "redhat_ossl_query_fipsindicator");
-+ if (redhat_ossl_query_fipsindicator == NULL) {
-+ fprintf(stderr, "%s\n", dlerror());
-+ fprintf(stderr, "Does your copy of fips.so have the required Red Hat"
-+ " patches?\n");
-+ // handle error
-+ }
-+
-+Note that this uses the I<providers/fips/indicator.h> header, which is not
-+public. Install the I<openssl-debugsource> package from the I<BaseOS-debuginfo>
-+repository using I<dnf debuginfo-install openssl> and include
-+I</usr/src/debug/openssl-3.*/> in the compiler's include path.
-+
-+I<redhat_ossl_query_fipsindicator> expects an operation ID as its only
-+argument. Currently, the only supported operation ID is I<OSSL_OP_SIGNATURE> to
-+obtain the indicators for signature operations. On success, the return value is
-+a pointer to an array of I<OSSL_RH_FIPSINDICATOR_STRUCT>s. On failure, NULL is
-+returned. The last entry in the array is indicated by I<algorithm_names> being
-+NULL.
-+
-+ typedef struct ossl_rh_fipsindicator_algorithm_st {
-+ const char *algorithm_names; /* key */
-+ const char *property_definition; /* key */
-+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators;
-+ } OSSL_RH_FIPSINDICATOR_ALGORITHM;
-+
-+ typedef struct ossl_rh_fipsindicator_dispatch_st {
-+ int function_id;
-+ int approved;
-+ } OSSL_RH_FIPSINDICATOR_DISPATCH;
-+
-+The I<algorithm_names> field is a colon-separated list of algorithm names from
-+one of the I<PROV_NAMES_...> constants, e.g., I<PROV_NAMES_RSA>. strtok(3) can
-+be used to locate the appropriate entry. See the example below, where
-+I<algorithm> contains the algorithm name to search for:
-+
-+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicator_dispatch = NULL;
-+ const OSSL_RH_FIPSINDICATOR_ALGORITHM *indicator =
-+ redhat_ossl_query_fipsindicator(operation_id);
-+ if (indicator == NULL) {
-+ fprintf(stderr, "No indicator for operation, probably using implicit"
-+ " indicators.\n");
-+ // handle error
-+ }
-+
-+ for (; indicator->algorithm_names != NULL; ++indicator) {
-+ char *algorithm_names = strdup(indicator->algorithm_names);
-+ if (algorithm_names == NULL) {
-+ perror("strdup(3)");
-+ // handle error
-+ }
-+
-+ const char *algorithm_name = strtok(algorithm_names, ":");
-+ for (; algorithm_name != NULL; algorithm_name = strtok(NULL, ":")) {
-+ if (strcasecmp(algorithm_name, algorithm) == 0) {
-+ indicator_dispatch = indicator->indicators;
-+ free(algorithm_names);
-+ algorithm_names = NULL;
-+ break;
-+ }
-+ }
-+ free(algorithm_names);
-+ }
-+ if (indicator_dispatch == NULL) {
-+ fprintf(stderr, "No indicator for algorithm %s.\n", algorithm);
-+ // handle error
-+ }
-+
-+If an appropriate I<OSSL_RH_FIPSINDICATOR_DISPATCH> array is available for the
-+given algorithm name, it maps function IDs to their approval status. The last
-+entry is indicated by a zero I<function_id>. I<approved> is
-+I<OSSL_RH_FIPSINDICATOR_APPROVED> if the operation is an approved security
-+service, or part of an approved security service, or
-+I<OSSL_RH_FIPSINDICATOR_UNAPPROVED> otherwise. Any other value is invalid.
-+Function IDs are I<OSSL_FUNC_*> constants from I<openssl/core_dispatch.h>,
-+e.g., I<OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE> or I<OSSL_FUNC_SIGNATURE_SIGN>.
-+
-+Assuming I<function_id> is the function in question, the following code can be
-+used to query the approval status:
-+
-+ for (; indicator_dispatch->function_id != 0; ++indicator_dispatch) {
-+ if (indicator_dispatch->function_id == function_id) {
-+ switch (indicator_dispatch->approved) {
-+ case OSSL_RH_FIPSINDICATOR_APPROVED:
-+ // approved security service
-+ break;
-+ case OSSL_RH_FIPSINDICATOR_UNAPPROVED:
-+ // unapproved security service
-+ break;
-+ default:
-+ // invalid result
-+ break;
-+ }
-+ break;
-+ }
-+ }
-+
-+=head1 SEE ALSO
-+
-+L<fips_module(7)>, L<provider(7)>
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2022 Red Hat, Inc. All Rights Reserved.
-+
-+Licensed under the Apache License 2.0 (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
-diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index de391ce067..1cfd71c5cf 100644
---- a/providers/fips/fipsprov.c
-+++ b/providers/fips/fipsprov.c
-@@ -23,6 +23,7 @@
- #include "self_test.h"
- #include "crypto/context.h"
- #include "internal/core.h"
-+#include "indicator.h"
-
- static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
- static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";
-@@ -425,6 +426,68 @@ static const OSSL_ALGORITHM fips_signature[] = {
- { NULL, NULL, NULL }
- };
-
-+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_rsa_signature_indicators[] = {
-+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY_RECOVER, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED }
-+};
-+
-+static const OSSL_RH_FIPSINDICATOR_DISPATCH redhat_ecdsa_signature_indicators[] = {
-+ { OSSL_FUNC_SIGNATURE_NEWCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SIGN_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_SIGN, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_VERIFY, OSSL_RH_FIPSINDICATOR_UNAPPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_FREECTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_DUPCTX, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS, OSSL_RH_FIPSINDICATOR_APPROVED },
-+ { 0, OSSL_RH_FIPSINDICATOR_UNAPPROVED }
-+};
-+
-+static const OSSL_RH_FIPSINDICATOR_ALGORITHM redhat_indicator_fips_signature[] = {
-+ { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES,
-+ redhat_rsa_signature_indicators },
-+#ifndef OPENSSL_NO_EC
-+ { PROV_NAMES_ECDSA, FIPS_DEFAULT_PROPERTIES,
-+ redhat_ecdsa_signature_indicators },
-+#endif
-+ { NULL, NULL, NULL }
-+};
-+
- static const OSSL_ALGORITHM fips_asym_cipher[] = {
- { PROV_NAMES_RSA, FIPS_DEFAULT_PROPERTIES, ossl_rsa_asym_cipher_functions },
- { NULL, NULL, NULL }
-@@ -527,6 +590,14 @@ static void fips_deinit_casecmp(void) {
- return NULL;
- }
-
-+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id) {
-+ switch (operation_id) {
-+ case OSSL_OP_SIGNATURE:
-+ return redhat_indicator_fips_signature;
-+ }
-+ return NULL;
-+}
-+
- static void fips_teardown(void *provctx)
- {
- OSSL_LIB_CTX_free(PROV_LIBCTX_OF(provctx));
-diff --git a/providers/fips/indicator.h b/providers/fips/indicator.h
-new file mode 100644
-index 0000000000..b323efe44c
---- /dev/null
-+++ b/providers/fips/indicator.h
-@@ -0,0 +1,66 @@
-+/*
-+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the Apache License 2.0 (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#ifndef OPENSSL_FIPS_INDICATOR_H
-+# define OPENSSL_FIPS_INDICATOR_H
-+# pragma once
-+
-+# ifdef __cplusplus
-+extern "C" {
-+# endif
-+
-+# define OSSL_RH_FIPSINDICATOR_UNAPPROVED (0)
-+# define OSSL_RH_FIPSINDICATOR_APPROVED (1)
-+
-+/*
-+ * FIPS indicator dispatch table element. function_id numbers and the
-+ * functions are defined in core_dispatch.h, see macros with
-+ * 'OSSL_CORE_MAKE_FUNC' in their names.
-+ *
-+ * An array of these is always terminated by function_id == 0
-+ */
-+typedef struct ossl_rh_fipsindicator_dispatch_st {
-+ int function_id;
-+ int approved;
-+} OSSL_RH_FIPSINDICATOR_DISPATCH;
-+
-+/*
-+ * Type to tie together algorithm names, property definition string and the
-+ * algorithm implementation's FIPS indicator status in the form of a FIPS
-+ * indicator dispatch table.
-+ *
-+ * An array of these is always terminated by algorithm_names == NULL
-+ */
-+typedef struct ossl_rh_fipsindicator_algorithm_st {
-+ const char *algorithm_names; /* key */
-+ const char *property_definition; /* key */
-+ const OSSL_RH_FIPSINDICATOR_DISPATCH *indicators;
-+} OSSL_RH_FIPSINDICATOR_ALGORITHM;
-+
-+/**
-+ * Query FIPS indicator status for the given operation. Possible values for
-+ * 'operation_id' are currently only OSSL_OP_SIGNATURE, as all other algorithms
-+ * use implicit indicators. The return value is an array of
-+ * OSSL_RH_FIPSINDICATOR_ALGORITHMs, terminated by an entry with
-+ * algorithm_names == NULL. 'algorithm_names' is a colon-separated list of
-+ * algorithm names, 'property_definition' a comma-separated list of properties,
-+ * and 'indicators' is a list of OSSL_RH_FIPSINDICATOR_DISPATCH structs. This
-+ * list is terminated by function_id == 0. 'function_id' is one of the
-+ * OSSL_FUNC_* constants, e.g., OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL.
-+ *
-+ * If there is no entry in the returned struct for the given operation_id,
-+ * algorithm name, or function_id, the algorithm is unapproved.
-+ */
-+const OSSL_RH_FIPSINDICATOR_ALGORITHM *redhat_ossl_query_fipsindicator(int operation_id);
-+
-+# ifdef __cplusplus
-+}
-+# endif
-+
-+#endif
-diff --git a/util/mkdef.pl b/util/mkdef.pl
-index a1c76f7c97..eda39b71ee 100755
---- a/util/mkdef.pl
-+++ b/util/mkdef.pl
-@@ -149,7 +149,8 @@ $ordinal_opts{filter} =
- return
- $item->exists()
- && platform_filter($item)
-- && feature_filter($item);
-+ && feature_filter($item)
-+ && fips_filter($item, $name);
- };
- my $ordinals = OpenSSL::Ordinals->new(from => $ordinals_file);
-
-@@ -205,6 +206,28 @@ sub feature_filter {
- return $verdict;
- }
-
-+sub fips_filter {
-+ my $item = shift;
-+ my $name = uc(shift);
-+ my @features = ( $item->features() );
-+
-+ # True if no features are defined
-+ return 1 if scalar @features == 0;
-+
-+ my @matches = grep(/^ONLY_.*$/, @features);
-+ if (@matches) {
-+ # There is at least one only_* flag on this symbol, check if any of
-+ # them match the name
-+ for (@matches) {
-+ if ($_ eq "ONLY_${name}") {
-+ return 1;
-+ }
-+ }
-+ return 0;
-+ }
-+ return 1;
-+}
-+
- sub sorter_unix {
- my $by_name = OpenSSL::Ordinals::by_name();
- my %weight = (
-diff --git a/util/providers.num b/util/providers.num
-index 4e2fa81b98..77879d0e5f 100644
---- a/util/providers.num
-+++ b/util/providers.num
-@@ -1 +1,2 @@
- OSSL_provider_init 1 * EXIST::FUNCTION:
-+redhat_ossl_query_fipsindicator 1 * EXIST::FUNCTION:ONLY_PROVIDERS/FIPS
---
-2.35.3
-
diff --git a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch b/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
deleted file mode 100644
index fe4ca7c..0000000
--- a/0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
+++ /dev/null
@@ -1,348 +0,0 @@
-From 62721a92ebec8746888d94bea0082c8d8763219e Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 27/49]
- 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
-
-Patch-name: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
-Patch-id: 73
-Patch-status: |
- # # https://bugzilla.redhat.com/show_bug.cgi?id=2102535
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- crypto/rsa/rsa_local.h | 8 ++
- crypto/rsa/rsa_oaep.c | 34 ++++++--
- providers/fips/self_test_data.inc | 79 ++++++++++---------
- providers/fips/self_test_kats.c | 7 ++
- .../implementations/asymciphers/rsa_enc.c | 41 +++++++++-
- util/perl/OpenSSL/paramnames.pm | 1 +
- 6 files changed, 126 insertions(+), 44 deletions(-)
-
-diff --git a/crypto/rsa/rsa_local.h b/crypto/rsa/rsa_local.h
-index ea70da05ad..dde57a1a0e 100644
---- a/crypto/rsa/rsa_local.h
-+++ b/crypto/rsa/rsa_local.h
-@@ -193,4 +193,12 @@ int ossl_rsa_padding_add_PKCS1_type_2_ex(OSSL_LIB_CTX *libctx, unsigned char *to
- int tlen, const unsigned char *from,
- int flen);
-
-+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
-+ unsigned char *to, int tlen,
-+ const unsigned char *from, int flen,
-+ const unsigned char *param,
-+ int plen, const EVP_MD *md,
-+ const EVP_MD *mgf1md,
-+ const char *redhat_st_seed);
-+
- #endif /* OSSL_CRYPTO_RSA_LOCAL_H */
-diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
-index b9030440c4..3d665c3860 100644
---- a/crypto/rsa/rsa_oaep.c
-+++ b/crypto/rsa/rsa_oaep.c
-@@ -44,6 +44,10 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- param, plen, NULL, NULL);
- }
-
-+#ifdef FIPS_MODULE
-+extern int REDHAT_FIPS_asym_cipher_st;
-+#endif /* FIPS_MODULE */
-+
- /*
- * Perform the padding as per NIST 800-56B 7.2.2.3
- * from (K) is the key material.
-@@ -51,12 +55,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
- * Step numbers are included here but not in the constant time inverse below
- * to avoid complicating an already difficult enough function.
- */
--int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
-- unsigned char *to, int tlen,
-- const unsigned char *from, int flen,
-- const unsigned char *param,
-- int plen, const EVP_MD *md,
-- const EVP_MD *mgf1md)
-+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
-+ unsigned char *to, int tlen,
-+ const unsigned char *from, int flen,
-+ const unsigned char *param,
-+ int plen, const EVP_MD *md,
-+ const EVP_MD *mgf1md,
-+ const char *redhat_st_seed)
- {
- int rv = 0;
- int i, emlen = tlen - 1;
-@@ -107,6 +112,11 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
- db[emlen - flen - mdlen - 1] = 0x01;
- memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
- /* step 3d: generate random byte string */
-+#ifdef FIPS_MODULE
-+ if (redhat_st_seed != NULL && REDHAT_FIPS_asym_cipher_st) {
-+ memcpy(seed, redhat_st_seed, mdlen);
-+ } else
-+#endif
- if (RAND_bytes_ex(libctx, seed, mdlen, 0) <= 0)
- goto err;
-
-@@ -136,6 +146,18 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
- return rv;
- }
-
-+int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OSSL_LIB_CTX *libctx,
-+ unsigned char *to, int tlen,
-+ const unsigned char *from, int flen,
-+ const unsigned char *param,
-+ int plen, const EVP_MD *md,
-+ const EVP_MD *mgf1md)
-+{
-+ return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(libctx, to, tlen, from,
-+ flen, param, plen, md,
-+ mgf1md, NULL);
-+}
-+
- int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
- const unsigned char *from, int flen,
- const unsigned char *param, int plen,
-diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
-index 4b80bb70b9..c33ecd0791 100644
---- a/providers/fips/self_test_data.inc
-+++ b/providers/fips/self_test_data.inc
-@@ -1296,14 +1296,21 @@ static const ST_KAT_PARAM rsa_priv_key[] = {
- };
-
- /*-
-- * Using OSSL_PKEY_RSA_PAD_MODE_NONE directly in the expansion of the
-+ * Using OSSL_PKEY_RSA_PAD_MODE_OAEP directly in the expansion of the
- * ST_KAT_PARAM_UTF8STRING macro below causes a failure on ancient
- * HP/UX PA-RISC compilers.
- */
--static const char pad_mode_none[] = OSSL_PKEY_RSA_PAD_MODE_NONE;
-+static const char pad_mode_oaep[] = OSSL_PKEY_RSA_PAD_MODE_OAEP;
-+static const char oaep_fixed_seed[] = {
-+ 0xf6, 0x10, 0xef, 0x0a, 0x97, 0xbf, 0x91, 0x25,
-+ 0x97, 0xcf, 0x8e, 0x0a, 0x75, 0x51, 0x2f, 0xab,
-+ 0x2e, 0x4b, 0x2c, 0xe6
-+};
-
- static const ST_KAT_PARAM rsa_enc_params[] = {
-- ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_none),
-+ ST_KAT_PARAM_UTF8STRING(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode_oaep),
-+ ST_KAT_PARAM_OCTET(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED,
-+ oaep_fixed_seed),
- ST_KAT_PARAM_END()
- };
-
-@@ -1342,43 +1349,43 @@ static const unsigned char rsa_expected_sig[256] = {
- 0x2c, 0x68, 0xf0, 0x37, 0xa9, 0xd2, 0x56, 0xd6
- };
-
--static const unsigned char rsa_asym_plaintext_encrypt[256] = {
-+static const unsigned char rsa_asym_plaintext_encrypt[208] = {
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
- };
- static const unsigned char rsa_asym_expected_encrypt[256] = {
-- 0x54, 0xac, 0x23, 0x96, 0x1d, 0x82, 0x5d, 0x8b,
-- 0x8f, 0x36, 0x33, 0xd0, 0xf4, 0x02, 0xa2, 0x61,
-- 0xb1, 0x13, 0xd4, 0x4a, 0x46, 0x06, 0x37, 0x3c,
-- 0xbf, 0x40, 0x05, 0x3c, 0xc6, 0x3b, 0x64, 0xdc,
-- 0x22, 0x22, 0xaf, 0x36, 0x79, 0x62, 0x45, 0xf0,
-- 0x97, 0x82, 0x22, 0x44, 0x86, 0x4a, 0x7c, 0xfa,
-- 0xac, 0x03, 0x21, 0x84, 0x3f, 0x31, 0xad, 0x2a,
-- 0xa4, 0x6e, 0x7a, 0xc5, 0x93, 0xf3, 0x0f, 0xfc,
-- 0xf1, 0x62, 0xce, 0x82, 0x12, 0x45, 0xc9, 0x35,
-- 0xb0, 0x7a, 0xcd, 0x99, 0x8c, 0x91, 0x6b, 0x5a,
-- 0xd3, 0x46, 0xdb, 0xf9, 0x9e, 0x52, 0x49, 0xbd,
-- 0x1e, 0xe8, 0xda, 0xac, 0x61, 0x47, 0xc2, 0xda,
-- 0xfc, 0x1e, 0xfb, 0x74, 0xd7, 0xd6, 0xc1, 0x18,
-- 0x86, 0x3e, 0x20, 0x9c, 0x7a, 0xe1, 0x04, 0xb7,
-- 0x38, 0x43, 0xb1, 0x4e, 0xa0, 0xd8, 0xc1, 0x39,
-- 0x4d, 0xe1, 0xd3, 0xb0, 0xb3, 0xf1, 0x82, 0x87,
-- 0x1f, 0x74, 0xb5, 0x69, 0xfd, 0x33, 0xd6, 0x21,
-- 0x7c, 0x61, 0x60, 0x28, 0xca, 0x70, 0xdb, 0xa0,
-- 0xbb, 0xc8, 0x73, 0xa9, 0x82, 0xf8, 0x6b, 0xd8,
-- 0xf0, 0xc9, 0x7b, 0x20, 0xdf, 0x9d, 0xfb, 0x8c,
-- 0xd4, 0xa2, 0x89, 0xe1, 0x9b, 0x04, 0xad, 0xaa,
-- 0x11, 0x6c, 0x8f, 0xce, 0x83, 0x29, 0x56, 0x69,
-- 0xbb, 0x00, 0x3b, 0xef, 0xca, 0x2d, 0xcd, 0x52,
-- 0xc8, 0xf1, 0xb3, 0x9b, 0xb4, 0x4f, 0x6d, 0x9c,
-- 0x3d, 0x69, 0xcc, 0x6d, 0x1f, 0x38, 0x4d, 0xe6,
-- 0xbb, 0x0c, 0x87, 0xdc, 0x5f, 0xa9, 0x24, 0x93,
-- 0x03, 0x46, 0xa2, 0x33, 0x6c, 0xf4, 0xd8, 0x5d,
-- 0x68, 0xf3, 0xd3, 0xe0, 0xf2, 0x30, 0xdb, 0xf5,
-- 0x4f, 0x0f, 0xad, 0xc7, 0xd0, 0xaa, 0x47, 0xd9,
-- 0x9f, 0x85, 0x1b, 0x2e, 0x6c, 0x3c, 0x57, 0x04,
-- 0x29, 0xf4, 0xf5, 0x66, 0x7d, 0x93, 0x4a, 0xaa,
-- 0x05, 0x52, 0x55, 0xc1, 0xc6, 0x06, 0x90, 0xab,
-+ 0x6c, 0x21, 0xc1, 0x9e, 0x94, 0xee, 0xdf, 0x74,
-+ 0x3a, 0x3c, 0x7c, 0x04, 0x1a, 0x53, 0x9e, 0x7c,
-+ 0x42, 0xac, 0x7e, 0x28, 0x9a, 0xb7, 0xe2, 0x4e,
-+ 0x87, 0xd4, 0x00, 0x69, 0x71, 0xf0, 0x3e, 0x0b,
-+ 0xc1, 0xda, 0xd6, 0xbd, 0x21, 0x39, 0x4f, 0x25,
-+ 0x22, 0x1f, 0x76, 0x0d, 0x62, 0x1f, 0xa2, 0x89,
-+ 0xdb, 0x38, 0x32, 0x88, 0x21, 0x1d, 0x89, 0xf1,
-+ 0xe0, 0x14, 0xd4, 0xb7, 0x90, 0xfc, 0xbc, 0x50,
-+ 0xb0, 0x8d, 0x5c, 0x2f, 0x49, 0x9e, 0x90, 0x17,
-+ 0x9e, 0x60, 0x9f, 0xe1, 0x77, 0x4f, 0x11, 0xa2,
-+ 0xcf, 0x16, 0x65, 0x2d, 0x4a, 0x2c, 0x12, 0xcb,
-+ 0x1e, 0x3c, 0x29, 0x8b, 0xdc, 0x27, 0x06, 0x9d,
-+ 0xf4, 0x0d, 0xe1, 0xc9, 0xeb, 0x14, 0x6a, 0x7e,
-+ 0xfd, 0xa7, 0xa8, 0xa7, 0x51, 0x82, 0x62, 0x0f,
-+ 0x29, 0x8d, 0x8c, 0x5e, 0xf2, 0xb8, 0xcd, 0xd3,
-+ 0x51, 0x92, 0xa7, 0x25, 0x39, 0x9d, 0xdd, 0x06,
-+ 0xff, 0xb1, 0xb0, 0xd5, 0x61, 0x03, 0x8f, 0x25,
-+ 0x5c, 0x49, 0x12, 0xc1, 0x50, 0x67, 0x61, 0x78,
-+ 0xb3, 0xe3, 0xc4, 0xf6, 0x36, 0x16, 0xa9, 0x04,
-+ 0x91, 0x0a, 0x4b, 0x27, 0x28, 0x97, 0x50, 0x7c,
-+ 0x65, 0x2d, 0xd0, 0x08, 0x71, 0x84, 0xe7, 0x47,
-+ 0x79, 0x83, 0x91, 0x46, 0xd9, 0x8f, 0x79, 0xce,
-+ 0x49, 0xcb, 0xcd, 0x8b, 0x34, 0xac, 0x61, 0xe0,
-+ 0xe6, 0x55, 0xbf, 0x10, 0xe4, 0xac, 0x9a, 0xd6,
-+ 0xed, 0xc1, 0xc2, 0xb6, 0xb6, 0xf7, 0x41, 0x99,
-+ 0xde, 0xfa, 0xde, 0x11, 0x16, 0xa2, 0x18, 0x30,
-+ 0x30, 0xdc, 0x95, 0x76, 0x2f, 0x46, 0x43, 0x20,
-+ 0xc4, 0xe7, 0x50, 0xb9, 0x1e, 0xcd, 0x69, 0xbb,
-+ 0x29, 0x94, 0x27, 0x9c, 0xc9, 0xab, 0xb4, 0x27,
-+ 0x8b, 0x4d, 0xe1, 0xcb, 0xc1, 0x04, 0x2c, 0x66,
-+ 0x41, 0x3a, 0x4d, 0xeb, 0x61, 0x4c, 0x77, 0x5a,
-+ 0xee, 0xb0, 0xca, 0x99, 0x0e, 0x7f, 0xbe, 0x06
- };
-
- #ifndef OPENSSL_NO_EC
-diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
-index f13c41abd6..4ea10670c0 100644
---- a/providers/fips/self_test_kats.c
-+++ b/providers/fips/self_test_kats.c
-@@ -642,14 +642,21 @@ static int self_test_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
- return ret;
- }
-
-+int REDHAT_FIPS_asym_cipher_st = 0;
-+
- static int self_test_asym_ciphers(OSSL_SELF_TEST *st, OSSL_LIB_CTX *libctx)
- {
- int i, ret = 1;
-
-+ REDHAT_FIPS_asym_cipher_st = 1;
-+
- for (i = 0; i < (int)OSSL_NELEM(st_kat_asym_cipher_tests); ++i) {
- if (!self_test_asym_cipher(&st_kat_asym_cipher_tests[i], st, libctx))
- ret = 0;
- }
-+
-+ REDHAT_FIPS_asym_cipher_st = 0;
-+
- return ret;
- }
-
-diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
-index d548560f1f..f3443b0c66 100644
---- a/providers/implementations/asymciphers/rsa_enc.c
-+++ b/providers/implementations/asymciphers/rsa_enc.c
-@@ -30,6 +30,9 @@
- #include "prov/implementations.h"
- #include "prov/providercommon.h"
- #include "prov/securitycheck.h"
-+#ifdef FIPS_MODULE
-+# include "crypto/rsa/rsa_local.h"
-+#endif
-
- #include <stdlib.h>
-
-@@ -75,6 +78,9 @@ typedef struct {
- /* TLS padding */
- unsigned int client_version;
- unsigned int alt_version;
-+#ifdef FIPS_MODULE
-+ char *redhat_st_oaep_seed;
-+#endif /* FIPS_MODULE */
- /* PKCS#1 v1.5 decryption mode */
- unsigned int implicit_rejection;
- } PROV_RSA_CTX;
-@@ -193,12 +199,21 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
- }
- }
- ret =
-- ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
-+#ifdef FIPS_MODULE
-+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(
-+#else
-+ ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(
-+#endif
-+ prsactx->libctx, tbuf,
- rsasize, in, inlen,
- prsactx->oaep_label,
- prsactx->oaep_labellen,
- prsactx->oaep_md,
-- prsactx->mgf1_md);
-+ prsactx->mgf1_md
-+#ifdef FIPS_MODULE
-+ , prsactx->redhat_st_oaep_seed
-+#endif
-+ );
-
- if (!ret) {
- OPENSSL_free(tbuf);
-@@ -332,6 +347,9 @@ static void rsa_freectx(void *vprsactx)
- EVP_MD_free(prsactx->oaep_md);
- EVP_MD_free(prsactx->mgf1_md);
- OPENSSL_free(prsactx->oaep_label);
-+#ifdef FIPS_MODULE
-+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
-+#endif /* FIPS_MODULE */
-
- OPENSSL_free(prsactx);
- }
-@@ -455,6 +473,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
- NULL, 0),
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL),
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
-+#endif /* FIPS_MODULE */
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
- OSSL_PARAM_END
- };
-@@ -465,6 +486,10 @@ static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
- return known_gettable_ctx_params;
- }
-
-+#ifdef FIPS_MODULE
-+extern int REDHAT_FIPS_asym_cipher_st;
-+#endif /* FIPS_MODULE */
-+
- static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
- {
- PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
-@@ -576,6 +601,18 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
- prsactx->oaep_labellen = tmp_labellen;
- }
-
-+#ifdef FIPS_MODULE
-+ p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED);
-+ if (p != NULL && REDHAT_FIPS_asym_cipher_st) {
-+ void *tmp_oaep_seed = NULL;
-+
-+ if (!OSSL_PARAM_get_octet_string(p, &tmp_oaep_seed, 0, NULL))
-+ return 0;
-+ OPENSSL_free(prsactx->redhat_st_oaep_seed);
-+ prsactx->redhat_st_oaep_seed = (char *)tmp_oaep_seed;
-+ }
-+#endif /* FIPS_MODULE */
-+
- p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION);
- if (p != NULL) {
- unsigned int client_version;
-diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
-index c37ed7815f..70f7c50fe4 100644
---- a/util/perl/OpenSSL/paramnames.pm
-+++ b/util/perl/OpenSSL/paramnames.pm
-@@ -401,6 +401,7 @@ my %params = (
- 'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version",
- 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version",
- 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection",
-+ 'ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED' => "redhat-kat-oaep-seed",
-
- # Encoder / decoder parameters
-
---
-2.44.0
-
diff --git a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch b/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
deleted file mode 100644
index 7751f05..0000000
--- a/0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
+++ /dev/null
@@ -1,317 +0,0 @@
-From dc41625dc4a793f0e21188165711181ca085339b Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:16 +0100
-Subject: [PATCH 28/49]
- 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
-
-Patch-name: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
-Patch-id: 74
-Patch-status: |
- # [PATCH 29/46]
- # 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- crypto/evp/m_sigver.c | 54 ++++++++++++++++++++++++++++-----
- providers/fips/self_test_kats.c | 43 +++++++++++++++-----------
- 2 files changed, 73 insertions(+), 24 deletions(-)
-
-diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index fd3a4b79df..3e9f33c26c 100644
---- a/crypto/evp/m_sigver.c
-+++ b/crypto/evp/m_sigver.c
-@@ -90,6 +90,7 @@ static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
- ERR_raise(ERR_LIB_EVP, EVP_R_ONLY_ONESHOT_SUPPORTED);
- return 0;
- }
-+#endif /* !defined(FIPS_MODULE) */
-
- /*
- * If we get the "NULL" md then the name comes back as "UNDEF". We want to use
-@@ -125,8 +126,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- reinit = 0;
- if (e == NULL)
- ctx->pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, props);
-+#ifndef FIPS_MODULE
- else
- ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
-+#endif /* !defined(FIPS_MODULE) */
- }
- if (ctx->pctx == NULL)
- return 0;
-@@ -136,8 +139,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- locpctx = ctx->pctx;
- ERR_set_mark();
-
-+#ifndef FIPS_MODULE
- if (evp_pkey_ctx_is_legacy(locpctx))
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
- /* do not reinitialize if pkey is set or operation is different */
- if (reinit
-@@ -222,8 +227,10 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- signature =
- evp_signature_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
- supported_sig, locpctx->propquery);
-+#ifndef FIPS_MODULE
- if (signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
- break;
- }
- if (signature == NULL)
-@@ -307,6 +314,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- ctx->fetched_digest = EVP_MD_fetch(locpctx->libctx, mdname, props);
- if (ctx->fetched_digest != NULL) {
- ctx->digest = ctx->reqdigest = ctx->fetched_digest;
-+#ifndef FIPS_MODULE
- } else {
- /* legacy engine support : remove the mark when this is deleted */
- ctx->reqdigest = ctx->digest = EVP_get_digestbyname(mdname);
-@@ -315,11 +323,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
- goto err;
- }
-+#endif /* !defined(FIPS_MODULE) */
- }
- (void)ERR_pop_to_mark();
- }
- }
-
-+#ifndef FIPS_MODULE
- if (ctx->reqdigest != NULL
- && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
- && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
-@@ -331,6 +341,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- goto err;
- }
- }
-+#endif /* !defined(FIPS_MODULE) */
-
- if (ver) {
- if (signature->digest_verify_init == NULL) {
-@@ -363,6 +374,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- EVP_KEYMGMT_free(tmp_keymgmt);
- return 0;
-
-+#ifndef FIPS_MODULE
- legacy:
- /*
- * If we don't have the full support we need with provided methods,
-@@ -434,6 +446,7 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- ctx->pctx->flag_call_digest_custom = 1;
-
- ret = 1;
-+#endif /* !defined(FIPS_MODULE) */
-
- end:
- #ifndef FIPS_MODULE
-@@ -476,7 +489,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- return do_sigver_init(ctx, pctx, type, NULL, NULL, NULL, e, pkey, 1,
- NULL);
- }
--#endif /* FIPS_MDOE */
-
- int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
- {
-@@ -548,24 +560,31 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
- return EVP_DigestUpdate(ctx, data, dsize);
- }
-
--#ifndef FIPS_MODULE
- int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- size_t *siglen)
- {
-- int sctx = 0, r = 0;
-- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
-+ int r = 0;
-+#ifndef FIPS_MODULE
-+ int sctx = 0;
-+ EVP_PKEY_CTX *dctx = NULL;
-+#endif /* !defined(FIPS_MODULE) */
-+ EVP_PKEY_CTX *pctx = ctx->pctx;
-+
-
- if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
- ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
- return 0;
- }
-
-+#ifndef FIPS_MODULE
- if (pctx == NULL
- || pctx->operation != EVP_PKEY_OP_SIGNCTX
- || pctx->op.sig.algctx == NULL
- || pctx->op.sig.signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
-+#ifndef FIPS_MODULE
- if (sigret != NULL && (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
- /* try dup */
- dctx = EVP_PKEY_CTX_dup(pctx);
-@@ -580,7 +599,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- else
- EVP_PKEY_CTX_free(dctx);
- return r;
-+#else
-+ r = pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
-+ sigret, siglen,
-+ sigret == NULL ? 0 : *siglen);
-+ return r;
-+#endif /* !defined(FIPS_MODULE) */
-
-+#ifndef FIPS_MODULE
- legacy:
- if (pctx == NULL || pctx->pmeth == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-@@ -653,6 +679,7 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
- }
- }
- return 1;
-+#endif /* !defined(FIPS_MODULE) */
- }
-
- int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
-@@ -691,23 +718,30 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
- int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
- size_t siglen)
- {
-- unsigned char md[EVP_MAX_MD_SIZE];
- int r = 0;
-+#ifndef FIPS_MODULE
-+ unsigned char md[EVP_MAX_MD_SIZE];
- unsigned int mdlen = 0;
- int vctx = 0;
-- EVP_PKEY_CTX *dctx = NULL, *pctx = ctx->pctx;
-+ EVP_PKEY_CTX *dctx = NULL;
-+#endif /* !defined(FIPS_MODULE) */
-+ EVP_PKEY_CTX *pctx = ctx->pctx;
-+
-
- if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISED) != 0) {
- ERR_raise(ERR_LIB_EVP, EVP_R_FINAL_ERROR);
- return 0;
- }
-
-+#ifndef FIPS_MODULE
- if (pctx == NULL
- || pctx->operation != EVP_PKEY_OP_VERIFYCTX
- || pctx->op.sig.algctx == NULL
- || pctx->op.sig.signature == NULL)
- goto legacy;
-+#endif /* !defined(FIPS_MODULE) */
-
-+#ifndef FIPS_MODULE
- if ((ctx->flags & EVP_MD_CTX_FLAG_FINALISE) == 0) {
- /* try dup */
- dctx = EVP_PKEY_CTX_dup(pctx);
-@@ -721,7 +755,13 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
- else
- EVP_PKEY_CTX_free(dctx);
- return r;
-+#else
-+ r = pctx->op.sig.signature->digest_verify_final(pctx->op.sig.algctx,
-+ sig, siglen);
-+ return r;
-+#endif /* !defined(FIPS_MODULE) */
-
-+#ifndef FIPS_MODULE
- legacy:
- if (pctx == NULL || pctx->pmeth == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
-@@ -762,6 +802,7 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
- if (vctx || !r)
- return r;
- return EVP_PKEY_verify(pctx, sig, siglen, md, mdlen);
-+#endif /* !defined(FIPS_MODULE) */
- }
-
- int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
-@@ -794,4 +835,3 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
- return -1;
- return EVP_DigestVerifyFinal(ctx, sigret, siglen);
- }
--#endif /* FIPS_MODULE */
-diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
-index 4ea10670c0..5eb27c8ed2 100644
---- a/providers/fips/self_test_kats.c
-+++ b/providers/fips/self_test_kats.c
-@@ -450,10 +450,13 @@ static int self_test_sign(const ST_KAT_SIGN *t,
- int ret = 0;
- OSSL_PARAM *params = NULL, *params_sig = NULL;
- OSSL_PARAM_BLD *bld = NULL;
-+ EVP_MD *md = NULL;
-+ EVP_MD_CTX *ctx = NULL;
- EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
- EVP_PKEY *pkey = NULL;
-- unsigned char sig[256];
- BN_CTX *bnctx = NULL;
-+ const char *msg = "Hello World!";
-+ unsigned char sig[256];
- size_t siglen = sizeof(sig);
- static const unsigned char dgst[] = {
- 0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
-@@ -487,23 +490,26 @@ static int self_test_sign(const ST_KAT_SIGN *t,
- || EVP_PKEY_fromdata(kctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
- goto err;
-
-- /* Create a EVP_PKEY_CTX to use for the signing operation */
-- sctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey, NULL);
-- if (sctx == NULL
-- || EVP_PKEY_sign_init(sctx) <= 0)
-- goto err;
--
-- /* set signature parameters */
-- if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
-- t->mdalgorithm,
-- strlen(t->mdalgorithm) + 1))
-- goto err;
-+ /* Create a EVP_MD_CTX to use for the signature operation, assign signature
-+ * parameters and sign */
- params_sig = OSSL_PARAM_BLD_to_param(bld);
-- if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
-+ md = EVP_MD_fetch(libctx, "SHA256", NULL);
-+ ctx = EVP_MD_CTX_new();
-+ if (md == NULL || ctx == NULL)
-+ goto err;
-+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
-+ if (EVP_DigestSignInit(ctx, &sctx, md, NULL, pkey) <= 0
-+ || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0
-+ || EVP_DigestSign(ctx, sig, &siglen, (const unsigned char *)msg, strlen(msg)) <= 0
-+ || EVP_MD_CTX_reset(ctx) <= 0)
- goto err;
-
-- if (EVP_PKEY_sign(sctx, sig, &siglen, dgst, sizeof(dgst)) <= 0
-- || EVP_PKEY_verify_init(sctx) <= 0
-+ /* sctx is not freed automatically inside the FIPS module */
-+ EVP_PKEY_CTX_free(sctx);
-+ sctx = NULL;
-+
-+ EVP_MD_CTX_set_flags(ctx, EVP_MD_CTX_FLAG_FINALISE | EVP_MD_CTX_FLAG_ONESHOT);
-+ if (EVP_DigestVerifyInit(ctx, &sctx, md, NULL, pkey) <= 0
- || EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
- goto err;
-
-@@ -513,14 +519,17 @@ static int self_test_sign(const ST_KAT_SIGN *t,
- goto err;
-
- OSSL_SELF_TEST_oncorrupt_byte(st, sig);
-- if (EVP_PKEY_verify(sctx, sig, siglen, dgst, sizeof(dgst)) <= 0)
-+ if (EVP_DigestVerify(ctx, sig, siglen, (const unsigned char *)msg, strlen(msg)) <= 0)
- goto err;
- ret = 1;
- err:
- BN_CTX_free(bnctx);
- EVP_PKEY_free(pkey);
-- EVP_PKEY_CTX_free(kctx);
-+ EVP_MD_free(md);
-+ EVP_MD_CTX_free(ctx);
-+ /* sctx is not freed automatically inside the FIPS module */
- EVP_PKEY_CTX_free(sctx);
-+ EVP_PKEY_CTX_free(kctx);
- OSSL_PARAM_free(params);
- OSSL_PARAM_free(params_sig);
- OSSL_PARAM_BLD_free(bld);
---
-2.44.0
-
diff --git a/0075-FIPS-Use-FFDHE2048-in-self-test.patch b/0075-FIPS-Use-FFDHE2048-in-self-test.patch
deleted file mode 100644
index 096e62d..0000000
--- a/0075-FIPS-Use-FFDHE2048-in-self-test.patch
+++ /dev/null
@@ -1,378 +0,0 @@
-From e385647549c467fe263b68b72dd21bdfb875ee88 Mon Sep 17 00:00:00 2001
-From: Clemens Lang <cllang@redhat.com>
-Date: Fri, 22 Jul 2022 17:51:16 +0200
-Subject: [PATCH 2/2] FIPS: Use FFDHE2048 in self test
-
-Signed-off-by: Clemens Lang <cllang@redhat.com>
----
- providers/fips/self_test_data.inc | 342 +++++++++++++++---------------
- 1 file changed, 172 insertions(+), 170 deletions(-)
-
-diff --git a/providers/fips/self_test_data.inc b/providers/fips/self_test_data.inc
-index a29cc650b5..1b5623833f 100644
---- a/providers/fips/self_test_data.inc
-+++ b/providers/fips/self_test_data.inc
-@@ -821,188 +821,190 @@ static const ST_KAT_DRBG st_kat_drbg_tests[] =
-
- #ifndef OPENSSL_NO_DH
- /* DH KAT */
-+/* RFC7919 FFDHE2048 p */
- static const unsigned char dh_p[] = {
-- 0xdc, 0xca, 0x15, 0x11, 0xb2, 0x31, 0x32, 0x25,
-- 0xf5, 0x21, 0x16, 0xe1, 0x54, 0x27, 0x89, 0xe0,
-- 0x01, 0xf0, 0x42, 0x5b, 0xcc, 0xc7, 0xf3, 0x66,
-- 0xf7, 0x40, 0x64, 0x07, 0xf1, 0xc9, 0xfa, 0x8b,
-- 0xe6, 0x10, 0xf1, 0x77, 0x8b, 0xb1, 0x70, 0xbe,
-- 0x39, 0xdb, 0xb7, 0x6f, 0x85, 0xbf, 0x24, 0xce,
-- 0x68, 0x80, 0xad, 0xb7, 0x62, 0x9f, 0x7c, 0x6d,
-- 0x01, 0x5e, 0x61, 0xd4, 0x3f, 0xa3, 0xee, 0x4d,
-- 0xe1, 0x85, 0xf2, 0xcf, 0xd0, 0x41, 0xff, 0xde,
-- 0x9d, 0x41, 0x84, 0x07, 0xe1, 0x51, 0x38, 0xbb,
-- 0x02, 0x1d, 0xae, 0xb3, 0x5f, 0x76, 0x2d, 0x17,
-- 0x82, 0xac, 0xc6, 0x58, 0xd3, 0x2b, 0xd4, 0xb0,
-- 0x23, 0x2c, 0x92, 0x7d, 0xd3, 0x8f, 0xa0, 0x97,
-- 0xb3, 0xd1, 0x85, 0x9f, 0xa8, 0xac, 0xaf, 0xb9,
-- 0x8f, 0x06, 0x66, 0x08, 0xfc, 0x64, 0x4e, 0xc7,
-- 0xdd, 0xb6, 0xf0, 0x85, 0x99, 0xf9, 0x2a, 0xc1,
-- 0xb5, 0x98, 0x25, 0xda, 0x84, 0x32, 0x07, 0x7d,
-- 0xef, 0x69, 0x56, 0x46, 0x06, 0x3c, 0x20, 0x82,
-- 0x3c, 0x95, 0x07, 0xab, 0x6f, 0x01, 0x76, 0xd4,
-- 0x73, 0x0d, 0x99, 0x0d, 0xbb, 0xe6, 0x36, 0x1c,
-- 0xd8, 0xb2, 0xb9, 0x4d, 0x3d, 0x2f, 0x32, 0x9b,
-- 0x82, 0x09, 0x9b, 0xd6, 0x61, 0xf4, 0x29, 0x50,
-- 0xf4, 0x03, 0xdf, 0x3e, 0xde, 0x62, 0xa3, 0x31,
-- 0x88, 0xb0, 0x27, 0x98, 0xba, 0x82, 0x3f, 0x44,
-- 0xb9, 0x46, 0xfe, 0x9d, 0xf6, 0x77, 0xa0, 0xc5,
-- 0xa1, 0x23, 0x8e, 0xaa, 0x97, 0xb7, 0x0f, 0x80,
-- 0xda, 0x8c, 0xac, 0x88, 0xe0, 0x92, 0xb1, 0x12,
-- 0x70, 0x60, 0xff, 0xbf, 0x45, 0x57, 0x99, 0x94,
-- 0x01, 0x1d, 0xc2, 0xfa, 0xa5, 0xe7, 0xf6, 0xc7,
-- 0x62, 0x45, 0xe1, 0xcc, 0x31, 0x22, 0x31, 0xc1,
-- 0x7d, 0x1c, 0xa6, 0xb1, 0x90, 0x07, 0xef, 0x0d,
-- 0xb9, 0x9f, 0x9c, 0xb6, 0x0e, 0x1d, 0x5f, 0x69
--};
-+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-+ 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a,
-+ 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
-+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95,
-+ 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb,
-+ 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
-+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8,
-+ 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a,
-+ 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
-+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0,
-+ 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3,
-+ 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
-+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77,
-+ 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72,
-+ 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
-+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a,
-+ 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61,
-+ 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
-+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68,
-+ 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4,
-+ 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
-+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70,
-+ 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec,
-+ 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
-+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff,
-+ 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83,
-+ 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
-+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05,
-+ 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2,
-+ 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
-+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97,
-+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
-+};
-+/* RFC7919 FFDHE2048 q */
- static const unsigned char dh_q[] = {
-- 0x89, 0x8b, 0x22, 0x67, 0x17, 0xef, 0x03, 0x9e,
-- 0x60, 0x3e, 0x82, 0xe5, 0xc7, 0xaf, 0xe4, 0x83,
-- 0x74, 0xac, 0x5f, 0x62, 0x5c, 0x54, 0xf1, 0xea,
-- 0x11, 0xac, 0xb5, 0x7d
--};
-+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-+ 0xd6, 0xfc, 0x2a, 0x2c, 0x51, 0x5d, 0xa5, 0x4d,
-+ 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
-+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a,
-+ 0xd4, 0xf0, 0x9b, 0x20, 0x8a, 0x32, 0x19, 0xfd,
-+ 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
-+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec,
-+ 0x7b, 0x40, 0xd9, 0x01, 0x57, 0x62, 0x30, 0xbd,
-+ 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
-+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68,
-+ 0x42, 0xb1, 0xb2, 0xaa, 0x9e, 0xf6, 0x8d, 0x79,
-+ 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
-+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb,
-+ 0xf1, 0x53, 0x44, 0xed, 0x79, 0xf7, 0xf4, 0x39,
-+ 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
-+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd,
-+ 0x5e, 0x05, 0x58, 0xc1, 0x59, 0x92, 0x7d, 0xb0,
-+ 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
-+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34,
-+ 0x0e, 0xa7, 0xa1, 0x51, 0xef, 0x1c, 0xa6, 0xfa,
-+ 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
-+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8,
-+ 0x4f, 0x01, 0x7e, 0x70, 0xe6, 0xfb, 0xf1, 0x76,
-+ 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
-+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff,
-+ 0xc7, 0x27, 0x89, 0x19, 0x77, 0x79, 0x40, 0xc1,
-+ 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
-+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02,
-+ 0xe2, 0xc7, 0x78, 0xc1, 0xbe, 0x8b, 0x41, 0xd9,
-+ 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
-+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b,
-+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
-+};
-+/* RFC7919 FFDHE2048 g */
- static const unsigned char dh_g[] = {
-- 0x5e, 0xf7, 0xb8, 0x8f, 0x2d, 0xf6, 0x01, 0x39,
-- 0x35, 0x1d, 0xfb, 0xfe, 0x12, 0x66, 0x80, 0x5f,
-- 0xdf, 0x35, 0x6c, 0xdf, 0xd1, 0x3a, 0x4d, 0xa0,
-- 0x05, 0x0c, 0x7e, 0xde, 0x24, 0x6d, 0xf5, 0x9f,
-- 0x6a, 0xbf, 0x96, 0xad, 0xe5, 0xf2, 0xb2, 0x8f,
-- 0xfe, 0x88, 0xd6, 0xbc, 0xe7, 0xf7, 0x89, 0x4a,
-- 0x3d, 0x53, 0x5f, 0xc8, 0x21, 0x26, 0xdd, 0xd4,
-- 0x24, 0x87, 0x2e, 0x16, 0xb8, 0x38, 0xdf, 0x8c,
-- 0x51, 0xe9, 0x01, 0x6f, 0x88, 0x9c, 0x7c, 0x20,
-- 0x3e, 0x98, 0xa8, 0xb6, 0x31, 0xf9, 0xc7, 0x25,
-- 0x63, 0xd3, 0x8a, 0x49, 0x58, 0x9a, 0x07, 0x53,
-- 0xd3, 0x58, 0xe7, 0x83, 0x31, 0x8c, 0xef, 0xd9,
-- 0x67, 0x7c, 0x7b, 0x2d, 0xbb, 0x77, 0xd6, 0xdc,
-- 0xe2, 0xa1, 0x96, 0x37, 0x95, 0xca, 0x64, 0xb9,
-- 0x2d, 0x1c, 0x9a, 0xac, 0x6d, 0x0e, 0x8d, 0x43,
-- 0x1d, 0xe5, 0xe5, 0x00, 0x60, 0xdf, 0xf7, 0x86,
-- 0x89, 0xc9, 0xec, 0xa1, 0xc1, 0x24, 0x8c, 0x16,
-- 0xed, 0x09, 0xc7, 0xad, 0x41, 0x2a, 0x17, 0x40,
-- 0x6d, 0x2b, 0x52, 0x5a, 0xa1, 0xca, 0xbb, 0x23,
-- 0x7b, 0x97, 0x34, 0xec, 0x7b, 0x8c, 0xe3, 0xfa,
-- 0xe0, 0x2f, 0x29, 0xc5, 0xef, 0xed, 0x30, 0xd6,
-- 0x91, 0x87, 0xda, 0x10, 0x9c, 0x2c, 0x9f, 0xe2,
-- 0xaa, 0xdb, 0xb0, 0xc2, 0x2a, 0xf5, 0x4c, 0x61,
-- 0x66, 0x55, 0x00, 0x0c, 0x43, 0x1c, 0x6b, 0x4a,
-- 0x37, 0x97, 0x63, 0xb0, 0xa9, 0x16, 0x58, 0xef,
-- 0xc8, 0x4e, 0x8b, 0x06, 0x35, 0x8c, 0x8b, 0x4f,
-- 0x21, 0x37, 0x10, 0xfd, 0x10, 0x17, 0x2c, 0xf3,
-- 0x9b, 0x83, 0x0c, 0x2d, 0xd8, 0x4a, 0x0c, 0x8a,
-- 0xb8, 0x25, 0x16, 0xec, 0xab, 0x99, 0x5f, 0xa4,
-- 0x21, 0x5e, 0x02, 0x3e, 0x4e, 0xcf, 0x80, 0x74,
-- 0xc3, 0x9d, 0x6c, 0x88, 0xb7, 0x0d, 0x1e, 0xe4,
-- 0xe9, 0x6f, 0xdc, 0x20, 0xea, 0x11, 0x5c, 0x32
-+ 0x02
- };
- static const unsigned char dh_priv[] = {
-- 0x14, 0x33, 0xe0, 0xb5, 0xa9, 0x17, 0xb6, 0x0a,
-- 0x30, 0x23, 0xf2, 0xf8, 0xaa, 0x2c, 0x2d, 0x70,
-- 0xd2, 0x96, 0x8a, 0xba, 0x9a, 0xea, 0xc8, 0x15,
-- 0x40, 0xb8, 0xfc, 0xe6
-+ 0x01, 0xdc, 0x2a, 0xb9, 0x87, 0x71, 0x57, 0x0f,
-+ 0xcd, 0x93, 0x65, 0x4c, 0xa1, 0xd6, 0x56, 0x6d,
-+ 0xc5, 0x35, 0xd5, 0xcb, 0x4c, 0xb8, 0xad, 0x8d,
-+ 0x6c, 0xdc, 0x5d, 0x6e, 0x94
- };
- static const unsigned char dh_pub[] = {
-- 0x95, 0xdd, 0x33, 0x8d, 0x29, 0xe5, 0x71, 0x04,
-- 0x92, 0xb9, 0x18, 0x31, 0x7b, 0x72, 0xa3, 0x69,
-- 0x36, 0xe1, 0x95, 0x1a, 0x2e, 0xe5, 0xa5, 0x59,
-- 0x16, 0x99, 0xc0, 0x48, 0x6d, 0x0d, 0x4f, 0x9b,
-- 0xdd, 0x6d, 0x5a, 0x3f, 0x6b, 0x98, 0x89, 0x0c,
-- 0x62, 0xb3, 0x76, 0x52, 0xd3, 0x6e, 0x71, 0x21,
-- 0x11, 0xe6, 0x8a, 0x73, 0x55, 0x37, 0x25, 0x06,
-- 0x99, 0xef, 0xe3, 0x30, 0x53, 0x73, 0x91, 0xfb,
-- 0xc2, 0xc5, 0x48, 0xbc, 0x5a, 0xc3, 0xe5, 0xb2,
-- 0x33, 0x86, 0xc3, 0xee, 0xf5, 0xeb, 0x43, 0xc0,
-- 0x99, 0xd7, 0x0a, 0x52, 0x02, 0x68, 0x7e, 0x83,
-- 0x96, 0x42, 0x48, 0xfc, 0xa9, 0x1f, 0x40, 0x90,
-- 0x8e, 0x8f, 0xb3, 0x31, 0x93, 0x15, 0xf6, 0xd2,
-- 0x60, 0x6d, 0x7f, 0x7c, 0xd5, 0x2c, 0xc6, 0xe7,
-- 0xc5, 0x84, 0x3a, 0xfb, 0x22, 0x51, 0x9c, 0xf0,
-- 0xf0, 0xf9, 0xd3, 0xa0, 0xa4, 0xe8, 0xc8, 0x88,
-- 0x99, 0xef, 0xed, 0xe7, 0x36, 0x43, 0x51, 0xfb,
-- 0x6a, 0x36, 0x3e, 0xe7, 0x17, 0xe5, 0x44, 0x5a,
-- 0xda, 0xb4, 0xc9, 0x31, 0xa6, 0x48, 0x39, 0x97,
-- 0xb8, 0x7d, 0xad, 0x83, 0x67, 0x7e, 0x4d, 0x1d,
-- 0x3a, 0x77, 0x75, 0xe0, 0xf6, 0xd0, 0x0f, 0xdf,
-- 0x73, 0xc7, 0xad, 0x80, 0x1e, 0x66, 0x5a, 0x0e,
-- 0x5a, 0x79, 0x6d, 0x0a, 0x03, 0x80, 0xa1, 0x9f,
-- 0xa1, 0x82, 0xef, 0xc8, 0xa0, 0x4f, 0x5e, 0x4d,
-- 0xb9, 0x0d, 0x1a, 0x86, 0x37, 0xf9, 0x5d, 0xb1,
-- 0x64, 0x36, 0xbd, 0xc8, 0xf3, 0xfc, 0x09, 0x6c,
-- 0x4f, 0xf7, 0xf2, 0x34, 0xbe, 0x8f, 0xef, 0x47,
-- 0x9a, 0xc4, 0xb0, 0xdc, 0x4b, 0x77, 0x26, 0x3e,
-- 0x07, 0xd9, 0x95, 0x9d, 0xe0, 0xf1, 0xbf, 0x3f,
-- 0x0a, 0xe3, 0xd9, 0xd5, 0x0e, 0x4b, 0x89, 0xc9,
-- 0x9e, 0x3e, 0xa1, 0x21, 0x73, 0x43, 0xdd, 0x8c,
-- 0x65, 0x81, 0xac, 0xc4, 0x95, 0x9c, 0x91, 0xd3
-+ 0x00, 0xc4, 0x82, 0x14, 0x69, 0x16, 0x4c, 0x05,
-+ 0x55, 0x2a, 0x7e, 0x55, 0x6d, 0x02, 0xbb, 0x7f,
-+ 0xcc, 0x63, 0x74, 0xee, 0xcb, 0xb4, 0x98, 0x43,
-+ 0x0e, 0x29, 0x43, 0x0d, 0x44, 0xc7, 0xf1, 0x23,
-+ 0x81, 0xca, 0x1c, 0x5c, 0xc3, 0xff, 0x01, 0x4a,
-+ 0x1a, 0x03, 0x9e, 0x5f, 0xd1, 0x4e, 0xa0, 0x0b,
-+ 0xb9, 0x5c, 0x0d, 0xef, 0x14, 0x01, 0x62, 0x3c,
-+ 0x8a, 0x8e, 0x60, 0xbb, 0x39, 0xd6, 0x38, 0x63,
-+ 0xb7, 0x65, 0xd0, 0x0b, 0x1a, 0xaf, 0x53, 0x38,
-+ 0x10, 0x0f, 0x3e, 0xeb, 0x9d, 0x0c, 0x24, 0xf6,
-+ 0xe3, 0x70, 0x08, 0x8a, 0x4d, 0x01, 0xf8, 0x7a,
-+ 0x87, 0x49, 0x64, 0x72, 0xb1, 0x75, 0x3b, 0x94,
-+ 0xc8, 0x09, 0x2d, 0x6a, 0x63, 0xd8, 0x9a, 0x92,
-+ 0xb9, 0x5b, 0x1a, 0xc3, 0x47, 0x0b, 0x63, 0x44,
-+ 0x3b, 0xe3, 0xc0, 0x09, 0xc9, 0xf9, 0x02, 0x53,
-+ 0xd8, 0xfb, 0x06, 0x44, 0xdb, 0xdf, 0xe8, 0x13,
-+ 0x2b, 0x40, 0x6a, 0xd4, 0x13, 0x4e, 0x52, 0x30,
-+ 0xd6, 0xc1, 0xd8, 0x59, 0x9d, 0x59, 0xba, 0x1b,
-+ 0xbf, 0xaa, 0x6f, 0xe9, 0x3d, 0xfd, 0xff, 0x01,
-+ 0x0b, 0x54, 0xe0, 0x6a, 0x4e, 0x27, 0x2b, 0x3d,
-+ 0xe8, 0xef, 0xb0, 0xbe, 0x52, 0xc3, 0x52, 0x18,
-+ 0x6f, 0xa3, 0x27, 0xab, 0x6c, 0x12, 0xc3, 0x81,
-+ 0xcb, 0xae, 0x23, 0x11, 0xa0, 0x5d, 0xc3, 0x6f,
-+ 0x23, 0x17, 0x40, 0xb3, 0x05, 0x4f, 0x5d, 0xb7,
-+ 0x34, 0xbe, 0x87, 0x2c, 0xa9, 0x9e, 0x98, 0x39,
-+ 0xbf, 0x2e, 0x9d, 0xad, 0x4f, 0x70, 0xad, 0xed,
-+ 0x1b, 0x5e, 0x47, 0x90, 0x49, 0x2e, 0x61, 0x71,
-+ 0x5f, 0x07, 0x0b, 0x35, 0x04, 0xfc, 0x53, 0xce,
-+ 0x58, 0x60, 0x6c, 0x5b, 0x8b, 0xfe, 0x70, 0x04,
-+ 0x2a, 0x6a, 0x98, 0x0a, 0xd0, 0x80, 0xae, 0x69,
-+ 0x95, 0xf9, 0x99, 0x18, 0xfc, 0xe4, 0x8e, 0xed,
-+ 0x61, 0xd9, 0x02, 0x9d, 0x4e, 0x05, 0xe9, 0xf2,
-+ 0x32
- };
- static const unsigned char dh_peer_pub[] = {
-- 0x1f, 0xc1, 0xda, 0x34, 0x1d, 0x1a, 0x84, 0x6a,
-- 0x96, 0xb7, 0xbe, 0x24, 0x34, 0x0f, 0x87, 0x7d,
-- 0xd0, 0x10, 0xaa, 0x03, 0x56, 0xd5, 0xad, 0x58,
-- 0xaa, 0xe9, 0xc7, 0xb0, 0x8f, 0x74, 0x9a, 0x32,
-- 0x23, 0x51, 0x10, 0xb5, 0xd8, 0x8e, 0xb5, 0xdb,
-- 0xfa, 0x97, 0x8d, 0x27, 0xec, 0xc5, 0x30, 0xf0,
-- 0x2d, 0x31, 0x14, 0x00, 0x5b, 0x64, 0xb1, 0xc0,
-- 0xe0, 0x24, 0xcb, 0x8a, 0xe2, 0x16, 0x98, 0xbc,
-- 0xa9, 0xe6, 0x0d, 0x42, 0x80, 0x86, 0x22, 0xf1,
-- 0x81, 0xc5, 0x6e, 0x1d, 0xe7, 0xa9, 0x6e, 0x6e,
-- 0xfe, 0xe9, 0xd6, 0x65, 0x67, 0xe9, 0x1b, 0x97,
-- 0x70, 0x42, 0xc7, 0xe3, 0xd0, 0x44, 0x8f, 0x05,
-- 0xfb, 0x77, 0xf5, 0x22, 0xb9, 0xbf, 0xc8, 0xd3,
-- 0x3c, 0xc3, 0xc3, 0x1e, 0xd3, 0xb3, 0x1f, 0x0f,
-- 0xec, 0xb6, 0xdb, 0x4f, 0x6e, 0xa3, 0x11, 0xe7,
-- 0x7a, 0xfd, 0xbc, 0xd4, 0x7a, 0xee, 0x1b, 0xb1,
-- 0x50, 0xf2, 0x16, 0x87, 0x35, 0x78, 0xfb, 0x96,
-- 0x46, 0x8e, 0x8f, 0x9f, 0x3d, 0xe8, 0xef, 0xbf,
-- 0xce, 0x75, 0x62, 0x4b, 0x1d, 0xf0, 0x53, 0x22,
-- 0xa3, 0x4f, 0x14, 0x63, 0xe8, 0x39, 0xe8, 0x98,
-- 0x4c, 0x4a, 0xd0, 0xa9, 0x6e, 0x1a, 0xc8, 0x42,
-- 0xe5, 0x31, 0x8c, 0xc2, 0x3c, 0x06, 0x2a, 0x8c,
-- 0xa1, 0x71, 0xb8, 0xd5, 0x75, 0x98, 0x0d, 0xde,
-- 0x7f, 0xc5, 0x6f, 0x15, 0x36, 0x52, 0x38, 0x20,
-- 0xd4, 0x31, 0x92, 0xbf, 0xd5, 0x1e, 0x8e, 0x22,
-- 0x89, 0x78, 0xac, 0xa5, 0xb9, 0x44, 0x72, 0xf3,
-- 0x39, 0xca, 0xeb, 0x99, 0x31, 0xb4, 0x2b, 0xe3,
-- 0x01, 0x26, 0x8b, 0xc9, 0x97, 0x89, 0xc9, 0xb2,
-- 0x55, 0x71, 0xc3, 0xc0, 0xe4, 0xcb, 0x3f, 0x00,
-- 0x7f, 0x1a, 0x51, 0x1c, 0xbb, 0x53, 0xc8, 0x51,
-- 0x9c, 0xdd, 0x13, 0x02, 0xab, 0xca, 0x6c, 0x0f,
-- 0x34, 0xf9, 0x67, 0x39, 0xf1, 0x7f, 0xf4, 0x8b
-+ 0x00, 0xef, 0x15, 0x02, 0xf5, 0x56, 0xa3, 0x79,
-+ 0x40, 0x58, 0xbc, 0xeb, 0x56, 0xad, 0xcb, 0xda,
-+ 0x8c, 0xda, 0xb8, 0xd1, 0xda, 0x6f, 0x25, 0x29,
-+ 0x9e, 0x43, 0x76, 0x2d, 0xb2, 0xd8, 0xbc, 0x84,
-+ 0xbc, 0x85, 0xd0, 0x94, 0x8d, 0x44, 0x27, 0x57,
-+ 0xe4, 0xdf, 0xc1, 0x78, 0x42, 0x8f, 0x08, 0xf5,
-+ 0x74, 0xfe, 0x02, 0x56, 0xd2, 0x09, 0xc8, 0x68,
-+ 0xef, 0xed, 0x18, 0xc9, 0xfd, 0x2e, 0x95, 0x6c,
-+ 0xba, 0x6c, 0x00, 0x0e, 0xf5, 0xd1, 0x1b, 0xf6,
-+ 0x15, 0x14, 0x5b, 0x67, 0x22, 0x7c, 0x6a, 0x20,
-+ 0x76, 0x43, 0x51, 0xef, 0x5e, 0x1e, 0xf9, 0x2d,
-+ 0xd6, 0xb4, 0xc5, 0xc6, 0x18, 0x33, 0xd1, 0xa3,
-+ 0x3b, 0xe6, 0xdd, 0x57, 0x9d, 0xad, 0x13, 0x7a,
-+ 0x53, 0xde, 0xb3, 0x97, 0xc0, 0x7e, 0xd7, 0x77,
-+ 0x6b, 0xf8, 0xbd, 0x13, 0x70, 0x8c, 0xba, 0x73,
-+ 0x80, 0xb3, 0x80, 0x6f, 0xfb, 0x1c, 0xda, 0x53,
-+ 0x4d, 0x3c, 0x8a, 0x2e, 0xa1, 0x37, 0xce, 0xb1,
-+ 0xde, 0x45, 0x97, 0x58, 0x65, 0x4d, 0xcf, 0x05,
-+ 0xbb, 0xc3, 0xd7, 0x38, 0x6d, 0x0a, 0x59, 0x7a,
-+ 0x99, 0x15, 0xb7, 0x9a, 0x3d, 0xfd, 0x61, 0xe5,
-+ 0x1a, 0xa2, 0xcc, 0xf6, 0xfe, 0xb1, 0xee, 0xe9,
-+ 0xa9, 0xe2, 0xeb, 0x06, 0xbc, 0x14, 0x6e, 0x91,
-+ 0x0d, 0xf1, 0xe3, 0xbb, 0xe0, 0x7e, 0x1d, 0x31,
-+ 0x79, 0xf1, 0x6d, 0x5f, 0xcb, 0xaf, 0xb2, 0x4f,
-+ 0x22, 0x12, 0xbf, 0x72, 0xbd, 0xd0, 0x30, 0xe4,
-+ 0x1c, 0x35, 0x96, 0x61, 0x98, 0x39, 0xfb, 0x7e,
-+ 0x6d, 0x66, 0xc4, 0x69, 0x41, 0x0d, 0x0d, 0x59,
-+ 0xbb, 0xa7, 0xbf, 0x34, 0xe0, 0x39, 0x36, 0x84,
-+ 0x5e, 0x0e, 0x03, 0x2d, 0xcf, 0xaa, 0x02, 0x8a,
-+ 0xba, 0x59, 0x88, 0x47, 0xc4, 0x4d, 0xd7, 0xbd,
-+ 0x78, 0x76, 0x24, 0xf1, 0x45, 0x56, 0x44, 0xc2,
-+ 0x4a, 0xc2, 0xd5, 0x3a, 0x59, 0x40, 0xab, 0x87,
-+ 0x64
- };
-
- static const unsigned char dh_secret_expected[] = {
-- 0x08, 0xff, 0x33, 0xbb, 0x2e, 0xcf, 0xf4, 0x9a,
-- 0x7d, 0x4a, 0x79, 0x12, 0xae, 0xb1, 0xbb, 0x6a,
-- 0xb5, 0x11, 0x64, 0x1b, 0x4a, 0x76, 0x77, 0x0c,
-- 0x8c, 0xc1, 0xbc, 0xc2, 0x33, 0x34, 0x3d, 0xfe,
-- 0x70, 0x0d, 0x11, 0x81, 0x3d, 0x2c, 0x9e, 0xd2,
-- 0x3b, 0x21, 0x1c, 0xa9, 0xe8, 0x78, 0x69, 0x21,
-- 0xed, 0xca, 0x28, 0x3c, 0x68, 0xb1, 0x61, 0x53,
-- 0xfa, 0x01, 0xe9, 0x1a, 0xb8, 0x2c, 0x90, 0xdd,
-- 0xab, 0x4a, 0x95, 0x81, 0x67, 0x70, 0xa9, 0x87,
-- 0x10, 0xe1, 0x4c, 0x92, 0xab, 0x83, 0xb6, 0xe4,
-- 0x6e, 0x1e, 0x42, 0x6e, 0xe8, 0x52, 0x43, 0x0d,
-- 0x61, 0x87, 0xda, 0xa3, 0x72, 0x0a, 0x6b, 0xcd,
-- 0x73, 0x23, 0x5c, 0x6b, 0x0f, 0x94, 0x1f, 0x33,
-- 0x64, 0xf5, 0x04, 0x20, 0x55, 0x1a, 0x4b, 0xfe,
-- 0xaf, 0xe2, 0xbc, 0x43, 0x85, 0x05, 0xa5, 0x9a,
-- 0x4a, 0x40, 0xda, 0xca, 0x7a, 0x89, 0x5a, 0x73,
-- 0xdb, 0x57, 0x5c, 0x74, 0xc1, 0x3a, 0x23, 0xad,
-- 0x88, 0x32, 0x95, 0x7d, 0x58, 0x2d, 0x38, 0xf0,
-- 0xa6, 0x16, 0x5f, 0xb0, 0xd7, 0xe9, 0xb8, 0x79,
-- 0x9e, 0x42, 0xfd, 0x32, 0x20, 0xe3, 0x32, 0xe9,
-- 0x81, 0x85, 0xa0, 0xc9, 0x42, 0x97, 0x57, 0xb2,
-- 0xd0, 0xd0, 0x2c, 0x17, 0xdb, 0xaa, 0x1f, 0xf6,
-- 0xed, 0x93, 0xd7, 0xe7, 0x3e, 0x24, 0x1e, 0xae,
-- 0xd9, 0x0c, 0xaf, 0x39, 0x4d, 0x2b, 0xc6, 0x57,
-- 0x0f, 0x18, 0xc8, 0x1f, 0x2b, 0xe5, 0xd0, 0x1a,
-- 0x2c, 0xa9, 0x9f, 0xf1, 0x42, 0xb5, 0xd9, 0x63,
-- 0xf9, 0xf5, 0x00, 0x32, 0x5e, 0x75, 0x56, 0xf9,
-- 0x58, 0x49, 0xb3, 0xff, 0xc7, 0x47, 0x94, 0x86,
-- 0xbe, 0x1d, 0x45, 0x96, 0xa3, 0x10, 0x6b, 0xd5,
-- 0xcb, 0x4f, 0x61, 0xc5, 0x7e, 0xc5, 0xf1, 0x00,
-- 0xfb, 0x7a, 0x0c, 0x82, 0xa1, 0x0b, 0x82, 0x52,
-- 0x6a, 0x97, 0xd1, 0xd9, 0x7d, 0x98, 0xea, 0xf6
-+ 0x56, 0x13, 0xe3, 0x12, 0x6b, 0x5f, 0x67, 0xe5,
-+ 0x08, 0xe5, 0x35, 0x0e, 0x11, 0x90, 0x9d, 0xf5,
-+ 0x1a, 0x24, 0xfa, 0x42, 0xd1, 0x4a, 0x50, 0x93,
-+ 0x5b, 0xf4, 0x11, 0x6f, 0xd0, 0xc3, 0xc5, 0xa5,
-+ 0x80, 0xae, 0x01, 0x3d, 0x66, 0x92, 0xc0, 0x3e,
-+ 0x5f, 0xe9, 0x75, 0xb6, 0x5b, 0x37, 0x82, 0x39,
-+ 0x72, 0x66, 0x0b, 0xa2, 0x73, 0x94, 0xe5, 0x04,
-+ 0x7c, 0x0c, 0x19, 0x9a, 0x03, 0x53, 0xc4, 0x9d,
-+ 0xc1, 0x0f, 0xc3, 0xec, 0x0e, 0x2e, 0xa3, 0x7c,
-+ 0x07, 0x0e, 0xaf, 0x18, 0x1d, 0xc7, 0x8b, 0x47,
-+ 0x4b, 0x94, 0x05, 0x6d, 0xec, 0xdd, 0xa1, 0xae,
-+ 0x7b, 0x21, 0x86, 0x53, 0xd3, 0x62, 0x38, 0x08,
-+ 0xea, 0xda, 0xdc, 0xb2, 0x5a, 0x7c, 0xef, 0x19,
-+ 0xf8, 0x29, 0xef, 0xf8, 0xd0, 0xfb, 0xde, 0xe8,
-+ 0xb8, 0x2f, 0xb3, 0xa1, 0x16, 0xa2, 0xd0, 0x8f,
-+ 0x48, 0xdc, 0x7d, 0xcb, 0xee, 0x5c, 0x06, 0x1e,
-+ 0x2a, 0x66, 0xe8, 0x1f, 0xdb, 0x18, 0xe9, 0xd2,
-+ 0xfd, 0xa2, 0x4e, 0x39, 0xa3, 0x2e, 0x88, 0x3d,
-+ 0x7d, 0xac, 0x15, 0x18, 0x25, 0xe6, 0xba, 0xd4,
-+ 0x0e, 0x89, 0x26, 0x60, 0x8f, 0xdc, 0x4a, 0xb4,
-+ 0x49, 0x8f, 0x98, 0xe8, 0x62, 0x8c, 0xc6, 0x66,
-+ 0x20, 0x4c, 0xe1, 0xed, 0xfc, 0x01, 0x88, 0x46,
-+ 0xa7, 0x67, 0x48, 0x39, 0xc5, 0x22, 0x95, 0xa0,
-+ 0x23, 0xb9, 0xd1, 0xed, 0x87, 0xcf, 0xa7, 0x70,
-+ 0x1c, 0xac, 0xd3, 0xaf, 0x5c, 0x26, 0x50, 0x3c,
-+ 0xe4, 0x23, 0xb6, 0xcc, 0xd7, 0xc5, 0xda, 0x2f,
-+ 0xf4, 0x45, 0xf1, 0xe4, 0x40, 0xb5, 0x0a, 0x25,
-+ 0x86, 0xe6, 0xde, 0x11, 0x3c, 0x46, 0x16, 0xbc,
-+ 0x41, 0xc2, 0x28, 0x19, 0x81, 0x5a, 0x46, 0x02,
-+ 0x87, 0xd0, 0x15, 0x0c, 0xd2, 0xfe, 0x75, 0x04,
-+ 0x82, 0xd2, 0x0a, 0xb7, 0xbc, 0xc5, 0x6c, 0xb1,
-+ 0x41, 0xa8, 0x2b, 0x28, 0xbb, 0x86, 0x0c, 0x89
- };
-
- static const ST_KAT_PARAM dh_group[] = {
---
-2.35.3
-
diff --git a/0076-FIPS-140-3-DRBG.patch b/0076-FIPS-140-3-DRBG.patch
deleted file mode 100644
index 54dad96..0000000
--- a/0076-FIPS-140-3-DRBG.patch
+++ /dev/null
@@ -1,247 +0,0 @@
-From 151114825cb2e4197c095792c24599cae3bd01a1 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 8 Jul 2024 11:30:25 +0200
-Subject: [PATCH 30/50] 0076-FIPS-140-3-DRBG.patch
-
-Patch-name: 0076-FIPS-140-3-DRBG.patch
-Patch-id: 76
-Patch-status: |
- # Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
- # https://bugzilla.redhat.com/show_bug.cgi?id=2102541
-From-dist-git-commit: e67e9d9c40cd2cb9547e539c658e2b63f2736762
----
- crypto/rand/prov_seed.c | 9 ++-
- crypto/rand/rand_lib.c | 10 +--
- providers/implementations/rands/crngt.c | 6 +-
- providers/implementations/rands/drbg.c | 11 ++-
- providers/implementations/rands/drbg_local.h | 2 +-
- providers/implementations/rands/seed_src.c | 18 ++++-
- .../implementations/rands/seeding/rand_unix.c | 68 ++-----------------
- 7 files changed, 45 insertions(+), 79 deletions(-)
-
-diff --git a/crypto/rand/prov_seed.c b/crypto/rand/prov_seed.c
-index 2985c7f2d8..3202a28226 100644
---- a/crypto/rand/prov_seed.c
-+++ b/crypto/rand/prov_seed.c
-@@ -23,7 +23,14 @@ size_t ossl_rand_get_entropy(ossl_unused OSSL_LIB_CTX *ctx,
- size_t entropy_available;
- RAND_POOL *pool;
-
-- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
-+ /*
-+ * OpenSSL still implements an internal entropy pool of
-+ * some size that is hashed to get seed data.
-+ * Note that this is a conditioning step for which SP800-90C requires
-+ * 64 additional bits from the entropy source to claim the requested
-+ * amount of entropy.
-+ */
-+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
- if (pool == NULL) {
- ERR_raise(ERR_LIB_RAND, ERR_R_RAND_LIB);
- return 0;
-diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
-index 14999540ab..b05b84717b 100644
---- a/crypto/rand/rand_lib.c
-+++ b/crypto/rand/rand_lib.c
-@@ -723,15 +723,7 @@ EVP_RAND_CTX *RAND_get0_primary(OSSL_LIB_CTX *ctx)
- return ret;
- }
-
--#ifndef FIPS_MODULE
-- if (dgbl->seed == NULL) {
-- ERR_set_mark();
-- dgbl->seed = rand_new_seed(ctx);
-- ERR_pop_to_mark();
-- }
--#endif
--
-- ret = dgbl->primary = rand_new_drbg(ctx, dgbl->seed,
-+ ret = dgbl->primary = rand_new_drbg(ctx, NULL,
- PRIMARY_RESEED_INTERVAL,
- PRIMARY_RESEED_TIME_INTERVAL, 1);
- /*
-diff --git a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c
-index fa4a2db14a..1f13fc759e 100644
---- a/providers/implementations/rands/crngt.c
-+++ b/providers/implementations/rands/crngt.c
-@@ -133,7 +133,11 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg,
- * to the nearest byte. If the entropy is of less than full quality,
- * the amount required should be scaled up appropriately here.
- */
-- bytes_needed = (entropy + 7) / 8;
-+ /*
-+ * FIPS 140-3: the yet draft SP800-90C requires requested entropy
-+ * + 128 bits during initial seeding
-+ */
-+ bytes_needed = (entropy + 128 + 7) / 8;
- if (bytes_needed < min_len)
- bytes_needed = min_len;
- if (bytes_needed > max_len)
-diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c
-index 46a056bc2a..742806a2ae 100644
---- a/providers/implementations/rands/drbg.c
-+++ b/providers/implementations/rands/drbg.c
-@@ -564,6 +564,9 @@ static int ossl_prov_drbg_reseed_unlocked(PROV_DRBG *drbg,
- #endif
- }
-
-+#ifdef FIPS_MODULE
-+ prediction_resistance = 1;
-+#endif
- /* Reseed using our sources in addition */
- entropylen = get_entropy(drbg, &entropy, drbg->strength,
- drbg->min_entropylen, drbg->max_entropylen,
-@@ -685,8 +688,14 @@ int ossl_prov_drbg_generate(PROV_DRBG *drbg, unsigned char *out, size_t outlen,
- reseed_required = 1;
- }
- if (drbg->parent != NULL
-- && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter)
-+ && get_parent_reseed_count(drbg) != drbg->parent_reseed_counter) {
-+#ifdef FIPS_MODULE
-+ /* Red Hat patches provide chain reseeding when necessary so just sync counters*/
-+ drbg->parent_reseed_counter = get_parent_reseed_count(drbg);
-+#else
- reseed_required = 1;
-+#endif
-+ }
-
- if (reseed_required || prediction_resistance) {
- if (!ossl_prov_drbg_reseed_unlocked(drbg, prediction_resistance, NULL,
-diff --git a/providers/implementations/rands/drbg_local.h b/providers/implementations/rands/drbg_local.h
-index 902dfc937d..c7be09176b 100644
---- a/providers/implementations/rands/drbg_local.h
-+++ b/providers/implementations/rands/drbg_local.h
-@@ -38,7 +38,7 @@
- *
- * The value is in bytes.
- */
--#define CRNGT_BUFSIZ 16
-+#define CRNGT_BUFSIZ 32
-
- /*
- * Maximum input size for the DRBG (entropy, nonce, personalization string)
-diff --git a/providers/implementations/rands/seed_src.c b/providers/implementations/rands/seed_src.c
-index e8f7ec9efc..092b9caf97 100644
---- a/providers/implementations/rands/seed_src.c
-+++ b/providers/implementations/rands/seed_src.c
-@@ -102,7 +102,14 @@ static int seed_src_generate(void *vseed, unsigned char *out, size_t outlen,
- return 0;
- }
-
-- pool = ossl_rand_pool_new(strength, 1, outlen, outlen);
-+ /*
-+ * OpenSSL still implements an internal entropy pool of
-+ * some size that is hashed to get seed data.
-+ * Note that this is a conditioning step for which SP800-90C requires
-+ * 64 additional bits from the entropy source to claim the requested
-+ * amount of entropy.
-+ */
-+ pool = ossl_rand_pool_new(strength + 64, 1, outlen, outlen);
- if (pool == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB);
- return 0;
-@@ -182,7 +189,14 @@ static size_t seed_get_seed(void *vseed, unsigned char **pout,
- size_t i;
- RAND_POOL *pool;
-
-- pool = ossl_rand_pool_new(entropy, 1, min_len, max_len);
-+ /*
-+ * OpenSSL still implements an internal entropy pool of
-+ * some size that is hashed to get seed data.
-+ * Note that this is a conditioning step for which SP800-90C requires
-+ * 64 additional bits from the entropy source to claim the requested
-+ * amount of entropy.
-+ */
-+ pool = ossl_rand_pool_new(entropy + 64, 1, min_len, max_len);
- if (pool == NULL) {
- ERR_raise(ERR_LIB_PROV, ERR_R_RAND_LIB);
- return 0;
-diff --git a/providers/implementations/rands/seeding/rand_unix.c b/providers/implementations/rands/seeding/rand_unix.c
-index 9a936d800d..56af1c803c 100644
---- a/providers/implementations/rands/seeding/rand_unix.c
-+++ b/providers/implementations/rands/seeding/rand_unix.c
-@@ -48,6 +48,8 @@
- # include <fcntl.h>
- # include <unistd.h>
- # include <sys/time.h>
-+# include <sys/random.h>
-+# include <openssl/evp.h>
-
- static uint64_t get_time_stamp(void);
-
-@@ -339,70 +341,8 @@ static ssize_t syscall_random(void *buf, size_t buflen)
- * which is way below the OSSL_SSIZE_MAX limit. Therefore sign conversion
- * between size_t and ssize_t is safe even without a range check.
- */
--
-- /*
-- * Do runtime detection to find getentropy().
-- *
-- * Known OSs that should support this:
-- * - Darwin since 16 (OSX 10.12, IOS 10.0).
-- * - Solaris since 11.3
-- * - OpenBSD since 5.6
-- * - Linux since 3.17 with glibc 2.25
-- * - FreeBSD since 12.0 (1200061)
-- *
-- * Note: Sometimes getentropy() can be provided but not implemented
-- * internally. So we need to check errno for ENOSYS
-- */
--# if !defined(__DragonFly__) && !defined(__NetBSD__)
--# if defined(__GNUC__) && __GNUC__>=2 && defined(__ELF__) && !defined(__hpux)
-- extern int getentropy(void *buffer, size_t length) __attribute__((weak));
--
-- if (getentropy != NULL) {
-- if (getentropy(buf, buflen) == 0)
-- return (ssize_t)buflen;
-- if (errno != ENOSYS)
-- return -1;
-- }
--# elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
--
-- if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
-- return (ssize_t)buflen;
--
-- return -1;
--# else
-- union {
-- void *p;
-- int (*f)(void *buffer, size_t length);
-- } p_getentropy;
--
-- /*
-- * We could cache the result of the lookup, but we normally don't
-- * call this function often.
-- */
-- ERR_set_mark();
-- p_getentropy.p = DSO_global_lookup("getentropy");
-- ERR_pop_to_mark();
-- if (p_getentropy.p != NULL)
-- return p_getentropy.f(buf, buflen) == 0 ? (ssize_t)buflen : -1;
--# endif
--# endif /* !__DragonFly__ */
--
-- /* Linux supports this since version 3.17 */
--# if defined(__linux) && defined(__NR_getrandom)
-- return syscall(__NR_getrandom, buf, buflen, 0);
--# elif (defined(__FreeBSD__) || defined(__NetBSD__)) && defined(KERN_ARND)
-- return sysctl_random(buf, buflen);
--# elif (defined(__DragonFly__) && __DragonFly_version >= 500700) \
-- || (defined(__NetBSD__) && __NetBSD_Version >= 1000000000)
-- return getrandom(buf, buflen, 0);
--# elif defined(__wasi__)
-- if (getentropy(buf, buflen) == 0)
-- return (ssize_t)buflen;
-- return -1;
--# else
-- errno = ENOSYS;
-- return -1;
--# endif
-+ int realbuflen = buflen > 32 ? 32 : buflen; /* Red Hat uses downstream patch to always seed from getrandom() */
-+ return EVP_default_properties_is_fips_enabled(NULL) ? getrandom(buf, realbuflen, GRND_RANDOM) : getrandom(buf, buflen, 0);
- }
- # endif /* defined(OPENSSL_RAND_SEED_GETRANDOM) */
-
---
-2.41.0
-
diff --git a/0077-FIPS-140-3-zeroization.patch b/0077-FIPS-140-3-zeroization.patch
deleted file mode 100644
index 692bebc..0000000
--- a/0077-FIPS-140-3-zeroization.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From 9c667a7ba589329f3a777b012bf69a0db7f7eda9 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Mon, 31 Jul 2023 09:41:29 +0200
-Subject: [PATCH 33/35] 0077-FIPS-140-3-zeroization.patch
-
-Patch-name: 0077-FIPS-140-3-zeroization.patch
-Patch-id: 77
-Patch-status: |
- # https://bugzilla.redhat.com/show_bug.cgi?id=2102542
-From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
----
- crypto/ec/ec_lib.c | 4 ++++
- crypto/ffc/ffc_params.c | 8 ++++----
- crypto/rsa/rsa_lib.c | 4 ++--
- providers/implementations/kdfs/hkdf.c | 2 +-
- providers/implementations/kdfs/pbkdf2.c | 2 +-
- 5 files changed, 12 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c
-index 6c37bf78ae..cfbc3c3c1d 100644
---- a/crypto/ec/ec_lib.c
-+++ b/crypto/ec/ec_lib.c
-@@ -744,12 +744,16 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group)
-
- void EC_POINT_free(EC_POINT *point)
- {
-+#ifdef FIPS_MODULE
-+ EC_POINT_clear_free(point);
-+#else
- if (point == NULL)
- return;
-
- if (point->meth->point_finish != 0)
- point->meth->point_finish(point);
- OPENSSL_free(point);
-+#endif
- }
-
- void EC_POINT_clear_free(EC_POINT *point)
-diff --git a/crypto/ffc/ffc_params.c b/crypto/ffc/ffc_params.c
-index 3536efd1ad..f3c164b8fc 100644
---- a/crypto/ffc/ffc_params.c
-+++ b/crypto/ffc/ffc_params.c
-@@ -27,10 +27,10 @@ void ossl_ffc_params_init(FFC_PARAMS *params)
-
- void ossl_ffc_params_cleanup(FFC_PARAMS *params)
- {
-- BN_free(params->p);
-- BN_free(params->q);
-- BN_free(params->g);
-- BN_free(params->j);
-+ BN_clear_free(params->p);
-+ BN_clear_free(params->q);
-+ BN_clear_free(params->g);
-+ BN_clear_free(params->j);
- OPENSSL_free(params->seed);
- ossl_ffc_params_init(params);
- }
-diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
-index 9588a75964..76b4aac6fc 100644
---- a/crypto/rsa/rsa_lib.c
-+++ b/crypto/rsa/rsa_lib.c
-@@ -155,8 +155,8 @@ void RSA_free(RSA *r)
- CRYPTO_THREAD_lock_free(r->lock);
- CRYPTO_FREE_REF(&r->references);
-
-- BN_free(r->n);
-- BN_free(r->e);
-+ BN_clear_free(r->n);
-+ BN_clear_free(r->e);
- BN_clear_free(r->d);
- BN_clear_free(r->p);
- BN_clear_free(r->q);
-diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
-index daa619b8af..5304baa6c9 100644
---- a/providers/implementations/kdfs/hkdf.c
-+++ b/providers/implementations/kdfs/hkdf.c
-@@ -118,7 +118,7 @@ static void kdf_hkdf_reset(void *vctx)
- void *provctx = ctx->provctx;
-
- ossl_prov_digest_reset(&ctx->digest);
-- OPENSSL_free(ctx->salt);
-+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
- OPENSSL_free(ctx->prefix);
- OPENSSL_free(ctx->label);
- OPENSSL_clear_free(ctx->data, ctx->data_len);
-diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
-index 5c3e7b95ce..349c3dd657 100644
---- a/providers/implementations/kdfs/pbkdf2.c
-+++ b/providers/implementations/kdfs/pbkdf2.c
-@@ -92,7 +92,7 @@ static void *kdf_pbkdf2_new(void *provctx)
- static void kdf_pbkdf2_cleanup(KDF_PBKDF2 *ctx)
- {
- ossl_prov_digest_reset(&ctx->digest);
-- OPENSSL_free(ctx->salt);
-+ OPENSSL_clear_free(ctx->salt, ctx->salt_len);
- OPENSSL_clear_free(ctx->pass, ctx->pass_len);
- memset(ctx, 0, sizeof(*ctx));
- }
---
-2.41.0
-
diff --git a/0078-KDF-Add-FIPS-indicators.patch b/0078-KDF-Add-FIPS-indicators.patch
deleted file mode 100644
index 17ff63e..0000000
--- a/0078-KDF-Add-FIPS-indicators.patch
+++ /dev/null
@@ -1,911 +0,0 @@
-From 2290280617183863eb15425b8925765966723725 Mon Sep 17 00:00:00 2001
-From: Clemens Lang <cllang@redhat.com>
-Date: Thu, 11 Aug 2022 09:27:12 +0200
-Subject: KDF: Add FIPS indicators
-
-FIPS requires a number of restrictions on the parameters of the various
-key derivation functions implemented in OpenSSL. The KDFs that use
-digest algorithms usually should not allow SHAKE (due to FIPS 140-3 IG
-C.C). Additionally, some application-specific KDFs have further
-restrictions defined in SP 800-135r1.
-
-Generally, all KDFs shall use a key-derivation key length of at least
-112 bits due to SP 800-131Ar2 section 8. Additionally any use of a KDF
-to generate and output length of less than 112 bits will also set the
-indicator to unapproved.
-
-Add explicit indicators to all KDFs usable in FIPS mode except for
-PBKDF2 (which has its specific FIPS limits already implemented). The
-indicator can be queried using EVP_KDF_CTX_get_params() after setting
-the required parameters and keys for the KDF.
-
-Our FIPS provider implements SHA1, SHA2 (both -256 and -512, and the
-truncated variants -224 and -384) and SHA3 (-256 and -512, and the
-truncated versions -224 and -384), as well as SHAKE-128 and -256.
-
-The SHAKE functions are generally not allowed in KDFs. For the rest, the
-support matrix is:
-
- KDF | SHA-1 | SHA-2 | SHA-2 truncated | SHA-3 | SHA-3 truncated
-==========================================================================
-KBKDF | x | x | x | x | x
-HKDF | x | x | x | x | x
-TLS1PRF | | SHA-{256,384,512} only | |
-SSHKDF | x | x | x | |
-SSKDF | x | x | x | x | x
-X9.63KDF | | x | x | x | x
-X9.42-ASN1 | x | x | x | x | x
-TLS1.3PRF | | SHA-{256,384} only | |
-
-Signed-off-by: Clemens Lang <cllang@redhat.com>
-Resolves: rhbz#2160733 rhbz#2164763
-Related: rhbz#2114772 rhbz#2141695
----
- include/crypto/evp.h | 7 ++
- include/openssl/kdf.h | 4 +
- providers/implementations/kdfs/hkdf.c | 100 +++++++++++++++++++++-
- providers/implementations/kdfs/kbkdf.c | 82 ++++++++++++++++--
- providers/implementations/kdfs/sshkdf.c | 75 +++++++++++++++-
- providers/implementations/kdfs/sskdf.c | 100 +++++++++++++++++++++-
- providers/implementations/kdfs/tls1_prf.c | 74 +++++++++++++++-
- providers/implementations/kdfs/x942kdf.c | 66 +++++++++++++-
- util/perl/OpenSSL/paramnames.pm | 1 +
- 9 files changed, 487 insertions(+), 22 deletions(-)
-
-diff --git a/include/crypto/evp.h b/include/crypto/evp.h
-index e70d8e9e84..76fb990de4 100644
---- a/include/crypto/evp.h
-+++ b/include/crypto/evp.h
-@@ -219,6 +219,13 @@ struct evp_mac_st {
- OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
- };
-
-+#ifdef FIPS_MODULE
-+/* According to NIST Special Publication 800-131Ar2, Section 8: Deriving
-+ * Additional Keys from a Cryptographic Key, "[t]he length of the
-+ * key-derivation key [i.e., the input key] shall be at least 112 bits". */
-+# define EVP_KDF_FIPS_MIN_KEY_LEN (112 / 8)
-+#endif
-+
- struct evp_kdf_st {
- OSSL_PROVIDER *prov;
- int name_id;
-diff --git a/include/openssl/kdf.h b/include/openssl/kdf.h
-index 0983230a48..86171635ea 100644
---- a/include/openssl/kdf.h
-+++ b/include/openssl/kdf.h
-@@ -63,6 +63,10 @@ int EVP_KDF_names_do_all(const EVP_KDF *kdf,
- # define EVP_KDF_HKDF_MODE_EXTRACT_ONLY 1
- # define EVP_KDF_HKDF_MODE_EXPAND_ONLY 2
-
-+# define EVP_KDF_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
-+# define EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED 1
-+# define EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
-+
- #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV 65
- #define EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI 66
- #define EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV 67
-diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
-index dfa7786bde..f01e40ff5a 100644
---- a/providers/implementations/kdfs/hkdf.c
-+++ b/providers/implementations/kdfs/hkdf.c
-@@ -42,6 +42,7 @@ static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_hkdf_settable_ctx_params;
- static OSSL_FUNC_kdf_set_ctx_params_fn kdf_hkdf_set_ctx_params;
- static OSSL_FUNC_kdf_gettable_ctx_params_fn kdf_hkdf_gettable_ctx_params;
- static OSSL_FUNC_kdf_get_ctx_params_fn kdf_hkdf_get_ctx_params;
-+static OSSL_FUNC_kdf_newctx_fn kdf_tls1_3_new;
- static OSSL_FUNC_kdf_derive_fn kdf_tls1_3_derive;
- static OSSL_FUNC_kdf_settable_ctx_params_fn kdf_tls1_3_settable_ctx_params;
- static OSSL_FUNC_kdf_set_ctx_params_fn kdf_tls1_3_set_ctx_params;
-@@ -85,6 +86,10 @@ typedef struct {
- size_t data_len;
- unsigned char *info;
- size_t info_len;
-+ int is_tls13;
-+#ifdef FIPS_MODULE
-+ int fips_indicator;
-+#endif /* defined(FIPS_MODULE) */
- } KDF_HKDF;
-
- static void *kdf_hkdf_new(void *provctx)
-@@ -170,6 +175,11 @@ static int kdf_hkdf_derive(void *vctx, unsigned char *key, size_t keylen,
- return 0;
- }
-
-+#ifdef FIPS_MODULE
-+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+#endif /* defined(FIPS_MODULE) */
-+
- switch (ctx->mode) {
- case EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND:
- default:
-@@ -318,22 +318,85 @@ static int kdf_hkdf_get_ctx_params(void
- {
- KDF_HKDF *ctx = (KDF_HKDF *)vctx;
- OSSL_PARAM *p;
-+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
-
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
- size_t sz = kdf_hkdf_size(ctx);
-
-+ any_valid = 1;
- if (sz == 0)
- return 0;
- return OSSL_PARAM_set_size_t(p, sz);
- }
- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_INFO)) != NULL) {
-+ any_valid = 1;
- if (ctx->info == NULL || ctx->info_len == 0) {
- p->return_size = 0;
- return 1;
- }
- return OSSL_PARAM_set_octet_string(p, ctx->info, ctx->info_len);
- }
-- return -2;
-+#ifdef FIPS_MODULE
-+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR))
-+ != NULL) {
-+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
-+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
-+
-+ any_valid = 1;
-+
-+ /* According to NIST Special Publication 800-131Ar2, Section 8:
-+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
-+ * the key-derivation key [i.e., the input key] shall be at least 112
-+ * bits". */
-+ if (ctx->key_len < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Verification Program, Section D.B and NIST Special Publication
-+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
-+ * strength < 112 bits is legacy use only, so all derived keys should
-+ * be longer than that. If a derived key has ever been shorter than
-+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
-+ * should also set the returned FIPS indicator to unapproved. */
-+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ if (ctx->is_tls13) {
-+ if (md != NULL
-+ && !EVP_MD_is_a(md, "SHA2-256")
-+ && !EVP_MD_is_a(md, "SHA2-384")) {
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic
-+ * Module Validation Program, Section 2.4.B, (5): "The TLS 1.3
-+ * key derivation function documented in Section 7.1 of RFC
-+ * 8446. This is considered an approved CVL because the
-+ * underlying functions performed within the TLS 1.3 KDF map to
-+ * NIST approved standards, namely: SP 800-133rev2 (Section 6.3
-+ * Option #3), SP 800-56Crev2, and SP 800-108."
-+ *
-+ * RFC 8446 appendix B.4 only lists SHA-256 and SHA-384. */
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+ } else {
-+ if (md != NULL
-+ && (EVP_MD_is_a(md, "SHAKE-128") ||
-+ EVP_MD_is_a(md, "SHAKE-256"))) {
-+ /* HKDF is a SP 800-56Cr2 TwoStep KDF, for which all SHA-1,
-+ * SHA-2 and SHA-3 are approved. SHAKE is not approved, because
-+ * of FIPS 140-3 IG, section C.C: "The SHAKE128 and SHAKE256
-+ * extendable-output functions may only be used as the
-+ * standalone algorithms." */
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+ }
-+ if (!OSSL_PARAM_set_int(p, fips_indicator))
-+ return 0;
-+ }
-+#endif /* defined(FIPS_MODULE) */
-+
-+ if (!any_valid)
-+ return -2;
-+
-+ return 1;
- }
-
- static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
-@@ -348,6 +421,9 @@ static const OSSL_PARAM *kdf_hkdf_gettable_ctx_params(ossl_unused void *ctx,
- static const OSSL_PARAM known_gettable_ctx_params[] = {
- OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
- OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
-+#endif /* defined(FIPS_MODULE) */
- OSSL_PARAM_END
- };
- return known_gettable_ctx_params;
-@@ -677,6 +753,17 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx,
- return ret;
- }
-
-+static void *kdf_tls1_3_new(void *provctx)
-+{
-+ KDF_HKDF *hkdf = kdf_hkdf_new(provctx);
-+
-+ if (hkdf != NULL)
-+ hkdf->is_tls13 = 1;
-+
-+ return hkdf;
-+}
-+
-+
- static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
- const OSSL_PARAM params[])
- {
-@@ -692,6 +779,11 @@ static int kdf_tls1_3_derive(void *vctx, unsigned char *key, size_t keylen,
- return 0;
- }
-
-+#ifdef FIPS_MODULE
-+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+#endif /* defined(FIPS_MODULE) */
-+
- switch (ctx->mode) {
- default:
- return 0;
-@@ -769,7 +861,7 @@ static const OSSL_PARAM *kdf_tls1_3_settable_ctx_params(ossl_unused void *ctx,
- }
-
- const OSSL_DISPATCH ossl_kdf_tls1_3_kdf_functions[] = {
-- { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_hkdf_new },
-+ { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))kdf_tls1_3_new },
- { OSSL_FUNC_KDF_DUPCTX, (void(*)(void))kdf_hkdf_dup },
- { OSSL_FUNC_KDF_FREECTX, (void(*)(void))kdf_hkdf_free },
- { OSSL_FUNC_KDF_RESET, (void(*)(void))kdf_hkdf_reset },
-diff --git a/providers/implementations/kdfs/kbkdf.c b/providers/implementations/kdfs/kbkdf.c
-index a542f84dfa..6b6dfb94ac 100644
---- a/providers/implementations/kdfs/kbkdf.c
-+++ b/providers/implementations/kdfs/kbkdf.c
-@@ -59,6 +59,9 @@ typedef struct {
- kbkdf_mode mode;
- EVP_MAC_CTX *ctx_init;
-
-+ /* HMAC digest algorithm, if any; used to compute FIPS indicator */
-+ PROV_DIGEST digest;
-+
- /* Names are lowercased versions of those found in SP800-108. */
- int r;
- unsigned char *ki;
-@@ -73,6 +76,9 @@ typedef struct {
- int use_l;
- int is_kmac;
- int use_separator;
-+#ifdef FIPS_MODULE
-+ int fips_indicator;
-+#endif /* defined(FIPS_MODULE) */
- } KBKDF;
-
- /* Definitions needed for typechecking. */
-@@ -138,6 +144,7 @@ static void kbkdf_reset(void *vctx)
- void *provctx = ctx->provctx;
-
- EVP_MAC_CTX_free(ctx->ctx_init);
-+ ossl_prov_digest_reset(&ctx->digest);
- OPENSSL_clear_free(ctx->context, ctx->context_len);
- OPENSSL_clear_free(ctx->label, ctx->label_len);
- OPENSSL_clear_free(ctx->ki, ctx->ki_len);
-@@ -240,6 +247,11 @@ static int kbkdf_derive(void *vctx, unsigned char *key, size_t keylen,
- goto done;
- }
-
-+#ifdef FIPS_MODULE
-+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+#endif /* defined(FIPS_MODULE) */
-+
- h = EVP_MAC_CTX_get_mac_size(ctx->ctx_init);
- if (h == 0)
- goto done;
-@@ -297,6 +309,9 @@ static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
- }
- }
-
-+ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
-+ return 0;
-+
- p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE);
- if (p != NULL
- && OPENSSL_strncasecmp("counter", p->data, p->data_size) == 0) {
-@@ -363,20 +378,77 @@ static const OSSL_PARAM *kbkdf_settable_ctx_params(ossl_unused void *ctx,
- static int kbkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
- {
- OSSL_PARAM *p;
-+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
-
- p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE);
-- if (p == NULL)
-+ if (p != NULL) {
-+ any_valid = 1;
-+
-+ /* KBKDF can produce results as large as you like. */
-+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
-+ return 0;
-+ }
-+
-+#ifdef FIPS_MODULE
-+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
-+ if (p != NULL) {
-+ KBKDF *ctx = (KBKDF *)vctx;
-+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
-+
-+ any_valid = 1;
-+
-+ /* According to NIST Special Publication 800-131Ar2, Section 8:
-+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
-+ * the key-derivation key [i.e., the input key] shall be at least 112
-+ * bits". */
-+ if (ctx->ki_len < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Verification Program, Section D.B and NIST Special Publication
-+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
-+ * strength < 112 bits is legacy use only, so all derived keys should
-+ * be longer than that. If a derived key has ever been shorter than
-+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
-+ * should also set the returned FIPS indicator to unapproved. */
-+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
-+ * extendable-output functions may only be used as the standalone
-+ * algorithms." Note that the digest is only used when the MAC
-+ * algorithm is HMAC. */
-+ if (ctx->ctx_init != NULL
-+ && EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->ctx_init), OSSL_MAC_NAME_HMAC)) {
-+ const EVP_MD *md = ossl_prov_digest_md(&ctx->digest);
-+ if (md != NULL
-+ && (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256"))) {
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+ }
-+
-+ if (!OSSL_PARAM_set_int(p, fips_indicator))
-+ return 0;
-+ }
-+#endif
-+
-+ if (!any_valid)
- return -2;
-
-- /* KBKDF can produce results as large as you like. */
-- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
-+ return 1;
- }
-
- static const OSSL_PARAM *kbkdf_gettable_ctx_params(ossl_unused void *ctx,
- ossl_unused void *provctx)
- {
-- static const OSSL_PARAM known_gettable_ctx_params[] =
-- { OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL), OSSL_PARAM_END };
-+ static const OSSL_PARAM known_gettable_ctx_params[] = {
-+ OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
-+#endif /* defined(FIPS_MODULE) */
-+ OSSL_PARAM_END
-+ };
- return known_gettable_ctx_params;
- }
-
-diff --git a/providers/implementations/kdfs/sshkdf.c b/providers/implementations/kdfs/sshkdf.c
-index c592ba72f1..4a52b38266 100644
---- a/providers/implementations/kdfs/sshkdf.c
-+++ b/providers/implementations/kdfs/sshkdf.c
-@@ -48,6 +48,9 @@ typedef struct {
- char type; /* X */
- unsigned char *session_id;
- size_t session_id_len;
-+#ifdef FIPS_MODULE
-+ int fips_indicator;
-+#endif /* defined(FIPS_MODULE) */
- } KDF_SSHKDF;
-
- static void *kdf_sshkdf_new(void *provctx)
-@@ -126,6 +129,12 @@ static int kdf_sshkdf_derive(void *vctx, unsigned char *key, size_t keylen,
- ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_TYPE);
- return 0;
- }
-+
-+#ifdef FIPS_MODULE
-+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+#endif /* defined(FIPS_MODULE) */
-+
- return SSHKDF(md, ctx->key, ctx->key_len,
- ctx->xcghash, ctx->xcghash_len,
- ctx->session_id, ctx->session_id_len,
-@@ -194,10 +203,67 @@ static const OSSL_PARAM *kdf_sshkdf_settable_ctx_params(ossl_unused void *ctx,
- static int kdf_sshkdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
- {
- OSSL_PARAM *p;
-+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
-
-- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
-- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
-- return -2;
-+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
-+ any_valid = 1;
-+
-+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
-+ return 0;
-+ }
-+
-+#ifdef FIPS_MODULE
-+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
-+ if (p != NULL) {
-+ KDF_SSHKDF *ctx = vctx;
-+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
-+
-+ any_valid = 1;
-+
-+ /* According to NIST Special Publication 800-131Ar2, Section 8:
-+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
-+ * the key-derivation key [i.e., the input key] shall be at least 112
-+ * bits". */
-+ if (ctx->key_len < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Verification Program, Section D.B and NIST Special Publication
-+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
-+ * strength < 112 bits is legacy use only, so all derived keys should
-+ * be longer than that. If a derived key has ever been shorter than
-+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
-+ * should also set the returned FIPS indicator to unapproved. */
-+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
-+ * extendable-output functions may only be used as the standalone
-+ * algorithms."
-+ *
-+ * Additionally, SP 800-135r1 section 5.2 specifies that the hash
-+ * function used in SSHKDF "is one of the hash functions specified in
-+ * FIPS 180-3.", which rules out SHA-3 and truncated variants of SHA-2.
-+ * */
-+ if (ctx->digest.md != NULL
-+ && !EVP_MD_is_a(ctx->digest.md, "SHA-1")
-+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-224")
-+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-256")
-+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-384")
-+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-512")) {
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+
-+ if (!OSSL_PARAM_set_int(p, fips_indicator))
-+ return 0;
-+ }
-+#endif
-+
-+ if (!any_valid)
-+ return -2;
-+
-+ return 1;
- }
-
- static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
-@@ -205,6 +271,9 @@ static const OSSL_PARAM *kdf_sshkdf_gettable_ctx_params(ossl_unused void *ctx,
- {
- static const OSSL_PARAM known_gettable_ctx_params[] = {
- OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
-+#endif /* defined(FIPS_MODULE) */
- OSSL_PARAM_END
- };
- return known_gettable_ctx_params;
-diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
-index eb54972e1c..23865cd70f 100644
---- a/providers/implementations/kdfs/sskdf.c
-+++ b/providers/implementations/kdfs/sskdf.c
-@@ -64,6 +64,10 @@ typedef struct {
- size_t salt_len;
- size_t out_len; /* optional KMAC parameter */
- int is_kmac;
-+ int is_x963kdf;
-+#ifdef FIPS_MODULE
-+ int fips_indicator;
-+#endif /* defined(FIPS_MODULE) */
- } KDF_SSKDF;
-
- #define SSKDF_MAX_INLEN (1<<30)
-@@ -73,6 +77,7 @@ typedef struct {
- static const unsigned char kmac_custom_str[] = { 0x4B, 0x44, 0x46 };
-
- static OSSL_FUNC_kdf_newctx_fn sskdf_new;
-+static OSSL_FUNC_kdf_newctx_fn x963kdf_new;
- static OSSL_FUNC_kdf_dupctx_fn sskdf_dup;
- static OSSL_FUNC_kdf_freectx_fn sskdf_free;
- static OSSL_FUNC_kdf_reset_fn sskdf_reset;
-@@ -296,6 +301,16 @@ static void *sskdf_new(void *provctx)
- return ctx;
- }
-
-+static void *x963kdf_new(void *provctx)
-+{
-+ KDF_SSKDF *ctx = sskdf_new(provctx);
-+
-+ if (ctx)
-+ ctx->is_x963kdf = 1;
-+
-+ return ctx;
-+}
-+
- static void sskdf_reset(void *vctx)
- {
- KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
-@@ -361,6 +376,11 @@ static int sskdf_derive(void *vctx, unsigned char *key, size_t keylen,
- }
- md = ossl_prov_digest_md(&ctx->digest);
-
-+#ifdef FIPS_MODULE
-+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+#endif /* defined(FIPS_MODULE) */
-+
- if (ctx->macctx != NULL) {
- /* H(x) = KMAC or H(x) = HMAC */
- int ret;
-@@ -442,6 +462,11 @@ static int x963kdf_derive(void *vctx, unsigned char *key, size_t keylen,
- return 0;
- }
-
-+#ifdef FIPS_MODULE
-+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+#endif /* defined(FIPS_MODULE) */
-+
- return SSKDF_hash_kdm(md, ctx->secret, ctx->secret_len,
- ctx->info, ctx->info_len, 1, key, keylen);
- }
-@@ -514,10 +539,74 @@ static int sskdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
- {
- KDF_SSKDF *ctx = (KDF_SSKDF *)vctx;
- OSSL_PARAM *p;
-+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
-+
-+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
-+ any_valid = 1;
-+
-+ if (!OSSL_PARAM_set_size_t(p, sskdf_size(ctx)))
-+ return 0;
-+ }
-
-- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
-- return OSSL_PARAM_set_size_t(p, sskdf_size(ctx));
-- return -2;
-+#ifdef FIPS_MODULE
-+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
-+ if (p != NULL) {
-+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
-+
-+ any_valid = 1;
-+
-+ /* According to NIST Special Publication 800-131Ar2, Section 8:
-+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
-+ * the key-derivation key [i.e., the input key] shall be at least 112
-+ * bits". */
-+ if (ctx->secret_len < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Verification Program, Section D.B and NIST Special Publication
-+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
-+ * strength < 112 bits is legacy use only, so all derived keys should
-+ * be longer than that. If a derived key has ever been shorter than
-+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
-+ * should also set the returned FIPS indicator to unapproved. */
-+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
-+ * extendable-output functions may only be used as the standalone
-+ * algorithms." */
-+ if (ctx->macctx == NULL
-+ || (ctx->macctx != NULL &&
-+ EVP_MAC_is_a(EVP_MAC_CTX_get0_mac(ctx->macctx), OSSL_MAC_NAME_HMAC))) {
-+ if (ctx->digest.md != NULL
-+ && (EVP_MD_is_a(ctx->digest.md, "SHAKE-128") ||
-+ EVP_MD_is_a(ctx->digest.md, "SHAKE-256"))) {
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+
-+ /* Table H-3 in ANS X9.63-2001 says that 160-bit hash functions
-+ * should only be used for 80-bit key agreement, but FIPS 140-3
-+ * requires a security strength of 112 bits, so SHA-1 cannot be
-+ * used with X9.63. See the discussion in
-+ * https://github.com/usnistgov/ACVP/issues/1403#issuecomment-1435300395.
-+ */
-+ if (ctx->is_x963kdf
-+ && ctx->digest.md != NULL
-+ && EVP_MD_is_a(ctx->digest.md, "SHA-1")) {
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+ }
-+
-+ if (!OSSL_PARAM_set_int(p, fips_indicator))
-+ return 0;
-+ }
-+#endif
-+
-+ if (!any_valid)
-+ return -2;
-+
-+ return 1;
- }
-
- static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
-@@ -525,6 +614,9 @@ static const OSSL_PARAM *sskdf_gettable_ctx_params(ossl_unused void *ctx,
- {
- static const OSSL_PARAM known_gettable_ctx_params[] = {
- OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0),
-+#endif /* defined(FIPS_MODULE) */
- OSSL_PARAM_END
- };
- return known_gettable_ctx_params;
-@@ -545,7 +637,7 @@ const OSSL_DISPATCH ossl_kdf_sskdf_functions[] = {
- };
-
- const OSSL_DISPATCH ossl_kdf_x963_kdf_functions[] = {
-- { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))sskdf_new },
-+ { OSSL_FUNC_KDF_NEWCTX, (void(*)(void))x963kdf_new },
- { OSSL_FUNC_KDF_DUPCTX, (void(*)(void))sskdf_dup },
- { OSSL_FUNC_KDF_FREECTX, (void(*)(void))sskdf_free },
- { OSSL_FUNC_KDF_RESET, (void(*)(void))sskdf_reset },
-diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
-index a4d64b9352..f6782a6ca2 100644
---- a/providers/implementations/kdfs/tls1_prf.c
-+++ b/providers/implementations/kdfs/tls1_prf.c
-@@ -93,6 +93,13 @@ typedef struct {
- /* Buffer of concatenated seed data */
- unsigned char seed[TLS1_PRF_MAXBUF];
- size_t seedlen;
-+
-+ /* MAC digest algorithm; used to compute FIPS indicator */
-+ PROV_DIGEST digest;
-+
-+#ifdef FIPS_MODULE
-+ int fips_indicator;
-+#endif /* defined(FIPS_MODULE) */
- } TLS1_PRF;
-
- static void *kdf_tls1_prf_new(void *provctx)
-@@ -129,6 +136,7 @@ static void kdf_tls1_prf_reset(void *vctx)
- EVP_MAC_CTX_free(ctx->P_sha1);
- OPENSSL_clear_free(ctx->sec, ctx->seclen);
- OPENSSL_cleanse(ctx->seed, ctx->seedlen);
-+ ossl_prov_digest_reset(&ctx->digest);
- memset(ctx, 0, sizeof(*ctx));
- ctx->provctx = provctx;
- }
-@@ -157,6 +165,10 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
- return 0;
- }
-+#ifdef FIPS_MODULE
-+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+#endif /* defined(FIPS_MODULE) */
-
- /*
- * The seed buffer is prepended with a label.
-@@ -191,6 +203,9 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
- }
- }
-
-+ if (!ossl_prov_digest_load_from_params(&ctx->digest, params, libctx))
-+ return 0;
-+
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL) {
- OPENSSL_clear_free(ctx->sec, ctx->seclen);
- ctx->sec = NULL;
-@@ -232,10 +247,60 @@ static const OSSL_PARAM *kdf_tls1_prf_settable_ctx_params(
- static int kdf_tls1_prf_get_ctx_params(void *vctx, OSSL_PARAM params[])
- {
- OSSL_PARAM *p;
-+#ifdef FIPS_MODULE
-+ TLS1_PRF *ctx = vctx;
-+#endif /* defined(FIPS_MODULE) */
-+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
-+
-+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
-+ any_valid = 1;
-+
-+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
-+ return 0;
-+ }
-+
-+#ifdef FIPS_MODULE
-+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
-+ if (p != NULL) {
-+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
-+
-+ any_valid = 1;
-+
-+ /* According to NIST Special Publication 800-131Ar2, Section 8:
-+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
-+ * the key-derivation key [i.e., the input key] shall be at least 112
-+ * bits". */
-+ if (ctx->seclen < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Verification Program, Section D.B and NIST Special Publication
-+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
-+ * strength < 112 bits is legacy use only, so all derived keys should
-+ * be longer than that. If a derived key has ever been shorter than
-+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
-+ * should also set the returned FIPS indicator to unapproved. */
-+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* SP 800-135r1 section 4.2.2 says TLS 1.2 KDF is approved when "(3)
-+ * P_HASH uses either SHA-256, SHA-384 or SHA-512." */
-+ if (ctx->digest.md != NULL
-+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-256")
-+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-384")
-+ && !EVP_MD_is_a(ctx->digest.md, "SHA2-512")) {
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+
-+ if (!OSSL_PARAM_set_int(p, fips_indicator))
-+ return 0;
-+ }
-+#endif
-
-- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
-- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
-- return -2;
-+ if (!any_valid)
-+ return -2;
-+
-+ return 1;
- }
-
- static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
-@@ -243,6 +308,9 @@ static const OSSL_PARAM *kdf_tls1_prf_gettable_ctx_params(
- {
- static const OSSL_PARAM known_gettable_ctx_params[] = {
- OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0),
-+#endif /* defined(FIPS_MODULE) */
- OSSL_PARAM_END
- };
- return known_gettable_ctx_params;
-diff --git a/providers/implementations/kdfs/x942kdf.c b/providers/implementations/kdfs/x942kdf.c
-index b1bc6f7e1b..8173fc2cc7 100644
---- a/providers/implementations/kdfs/x942kdf.c
-+++ b/providers/implementations/kdfs/x942kdf.c
-@@ -13,11 +13,13 @@
- #include <openssl/core_dispatch.h>
- #include <openssl/err.h>
- #include <openssl/evp.h>
-+#include <openssl/kdf.h>
- #include <openssl/params.h>
- #include <openssl/proverr.h>
- #include "internal/packet.h"
- #include "internal/der.h"
- #include "internal/nelem.h"
-+#include "crypto/evp.h"
- #include "prov/provider_ctx.h"
- #include "prov/providercommon.h"
- #include "prov/implementations.h"
-@@ -47,6 +50,9 @@ typedef struct {
- const unsigned char *cek_oid;
- size_t cek_oid_len;
- int use_keybits;
-+#ifdef FIPS_MODULE
-+ int fips_indicator;
-+#endif /* defined(FIPS_MODULE) */
- } KDF_X942;
-
- /*
-@@ -460,6 +466,10 @@ static int x942kdf_derive(void *vctx, unsigned char *key, size_t keylen,
- ERR_raise(ERR_LIB_PROV, PROV_R_BAD_ENCODING);
- return 0;
- }
-+#ifdef FIPS_MODULE
-+ if (keylen < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+#endif /* defined(FIPS_MODULE) */
- ret = x942kdf_hash_kdm(md, ctx->secret, ctx->secret_len,
- der, der_len, ctr, key, keylen);
- OPENSSL_free(der);
-@@ -563,10 +573,58 @@ static int x942kdf_get_ctx_params(void *vctx, OSSL_PARAM params[])
- {
- KDF_X942 *ctx = (KDF_X942 *)vctx;
- OSSL_PARAM *p;
-+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
-
-- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
-- return OSSL_PARAM_set_size_t(p, x942kdf_size(ctx));
-- return -2;
-+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
-+ any_valid = 1;
-+
-+ if (!OSSL_PARAM_set_size_t(p, x942kdf_size(ctx)))
-+ return 0;
-+ }
-+
-+#ifdef FIPS_MODULE
-+ p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR);
-+ if (p != NULL) {
-+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
-+
-+ any_valid = 1;
-+
-+ /* According to NIST Special Publication 800-131Ar2, Section 8:
-+ * Deriving Additional Keys from a Cryptographic Key, "[t]he length of
-+ * the key-derivation key [i.e., the input key] shall be at least 112
-+ * bits". */
-+ if (ctx->secret_len < EVP_KDF_FIPS_MIN_KEY_LEN)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Verification Program, Section D.B and NIST Special Publication
-+ * 800-131Ar2, Section 1.2.2 say that any algorithm at a security
-+ * strength < 112 bits is legacy use only, so all derived keys should
-+ * be longer than that. If a derived key has ever been shorter than
-+ * that, ctx->output_keyelen_indicator will be NOT_APPROVED, and we
-+ * should also set the returned FIPS indicator to unapproved. */
-+ if (ctx->fips_indicator == EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Validation Program, Section C.C: "The SHAKE128 and SHAKE256
-+ * extendable-output functions may only be used as the standalone
-+ * algorithms." */
-+ if (ctx->digest.md != NULL
-+ && (EVP_MD_is_a(ctx->digest.md, "SHAKE-128") ||
-+ EVP_MD_is_a(ctx->digest.md, "SHAKE-256"))) {
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+
-+ if (!OSSL_PARAM_set_int(p, fips_indicator))
-+ return 0;
-+ }
-+#endif
-+
-+ if (!any_valid)
-+ return -2;
-+
-+ return 1;
- }
-
- static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx,
-@@ -574,6 +632,9 @@ static const OSSL_PARAM *x942kdf_gettable_ctx_params(ossl_unused void *ctx,
- {
- static const OSSL_PARAM known_gettable_ctx_params[] = {
- OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, 0),
-+#endif /* defined(FIPS_MODULE) */
- OSSL_PARAM_END
- };
- return known_gettable_ctx_params;
-diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
-index 70f7c50fe4..6618122417 100644
---- a/util/perl/OpenSSL/paramnames.pm
-+++ b/util/perl/OpenSSL/paramnames.pm
-@@ -183,6 +183,7 @@ my %params = (
- 'KDF_PARAM_X942_SUPP_PUBINFO' => "supp-pubinfo",
- 'KDF_PARAM_X942_SUPP_PRIVINFO' => "supp-privinfo",
- 'KDF_PARAM_X942_USE_KEYBITS' => "use-keybits",
-+ 'KDF_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator",
- 'KDF_PARAM_HMACDRBG_ENTROPY' => "entropy",
- 'KDF_PARAM_HMACDRBG_NONCE' => "nonce",
- 'KDF_PARAM_THREADS' => "threads", # uint32_t
---
-2.39.2
-
diff --git a/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch b/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
deleted file mode 100644
index 4308f5e..0000000
--- a/0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
+++ /dev/null
@@ -1,1102 +0,0 @@
-From 936e081bd752ca0a883568aaf3b5752c9eaccb12 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 15:38:21 +0200
-Subject: [PATCH 36/48]
- 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
-
-Patch-name: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
-Patch-id: 80
-Patch-status: |
- # We believe that some changes present in CentOS are not necessary
- # because ustream has a check for FIPS version
----
- providers/implementations/rands/drbg_hash.c | 12 ++
- providers/implementations/rands/drbg_hmac.c | 12 ++
- test/recipes/30-test_evp_data/evprand.txt | 129 ++++++++++++++++++++
- 3 files changed, 153 insertions(+)
-
-diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c
-index fb824abfa6..b90fee6dec 100644
---- a/providers/implementations/rands/drbg_hash.c
-+++ b/providers/implementations/rands/drbg_hash.c
-@@ -471,6 +471,18 @@ static int drbg_hash_set_ctx_params(void *vctx, const OSSL_PARAM params[])
- if (!ossl_drbg_verify_digest(libctx, md))
- return 0; /* Error already raised for us */
-
-+#ifdef FIPS_MODULE
-+ if (!EVP_MD_is_a(md, SN_sha1)
-+ && !EVP_MD_is_a(md, SN_sha256)
-+ && !EVP_MD_is_a(md, SN_sha512)) {
-+ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
-+ "%s is not an acceptable hash function for an SP 800-90A"
-+ " DRBG according to FIPS 140-3 IG, section D.R",
-+ EVP_MD_get0_name(md));
-+ return 0;
-+ }
-+#endif /* defined(FIPS_MODULE) */
-+
- /* These are taken from SP 800-90 10.1 Table 2 */
- hash->blocklen = EVP_MD_get_size(md);
- /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */
-diff --git a/providers/implementations/rands/drbg_hmac.c b/providers/implementations/rands/drbg_hmac.c
-index 664a074639..cbd4d0f519 100644
---- a/providers/implementations/rands/drbg_hmac.c
-+++ b/providers/implementations/rands/drbg_hmac.c
-@@ -367,6 +367,18 @@ static int drbg_hmac_set_ctx_params(void *vctx, const OSSL_PARAM params[])
- if (md != NULL && !ossl_drbg_verify_digest(libctx, md))
- return 0; /* Error already raised for us */
-
-+#ifdef FIPS_MODULE
-+ if (!EVP_MD_is_a(md, SN_sha1)
-+ && !EVP_MD_is_a(md, SN_sha256)
-+ && !EVP_MD_is_a(md, SN_sha512)) {
-+ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
-+ "%s is not an acceptable hash function for an SP 800-90A"
-+ " DRBG according to FIPS 140-3 IG, section D.R",
-+ EVP_MD_get0_name(md));
-+ return 0;
-+ }
-+#endif /* defined(FIPS_MODULE) */
-+
- if (!ossl_prov_macctx_load_from_params(&hmac->ctx, params,
- NULL, NULL, NULL, libctx))
- return 0;
-diff --git a/test/recipes/30-test_evp_data/evprand.txt b/test/recipes/30-test_evp_data/evprand.txt
-index 0e2ee82c58..7a17e7b3e1 100644
---- a/test/recipes/30-test_evp_data/evprand.txt
-+++ b/test/recipes/30-test_evp_data/evprand.txt
-@@ -7388,6 +7388,7 @@ Nonce.14 = 7239f92b63fb3dbe
- PersonalisationString.14 = 8d2e2ca3985bd2538a71f02cc3eb5568
- Output.14 = 0e4cb328c03faaedbec7215725851069bceae4332de6a70e3521dd065f2f7923485969571ebd7f24be460fd901c6b3e356da6ee5262ef2d76ad14eb0f697f8fb92af2f46630198c5f7018860886147b3
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -8659,6 +8660,7 @@ AdditionalInputA.14 = e5c633ca50dcd83e0a34d397df53f6d7a6f7170a3f81f0e6
- AdditionalInputB.14 = 5f0beb5a2d2968e83ba87c92bfa420fd6e8526fbbfdea128
- Output.14 = 8bec11df1022aa50d95daeaf23d78d6ee45c43c5768b90181e106c7df8ff333d7cb87ca1ab83f8742370db1c8c0c0c22f141ff4de33ae8bdb14fee7e6c069819320629c66d94c7c97ff52930a3c1dcd501b60f0f84bda4720ee187ae858a6e068326eda5809716e366d1b608c61b0100
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -8709,6 +8711,7 @@ Entropy.14 = 1194beb668839c47c73e7516f9ba09d23dec3553b3b5532f75b260106dcc2abf
- Nonce.14 = 3c8a77351e93065d584feeb08c8424a9
- Output.14 = fabd48bfcdd07968239fe538c2d8c9bde2e257b9b244078f39287c7ee90de167fff56a693c4e64f45081635511b5fd031c0270a31b4a014e44c0516a55ae72345aa11dffcda4ccf8cda50f6948d5ae425d8d53ad5c74cef1364277990156796e1c5dfa1ef095c0d8983477eb24241135760b02c86c86d4ec3627edac8c1a7e32
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -8789,6 +8792,7 @@ AdditionalInputA.14 = 626385595bef7103af0af700e1df048d7572286af709289b7894d2ab09
- AdditionalInputB.14 = bfe8946dbf27d3a2127ec600351c3920d2531eb9419408233e0a888059b5eb68
- Output.14 = ee6d07661828213e6453d94faaf76345c70949eca4965714c350313b0bcd8e079e6a07f8b2f7a91bcb7ef39a61568fd1c40ab78f154b3582f830095d571de29f81f9565e46b560d34c32bff55341a991f8e863bd9242c7cdd366be12538bb6922f1abfa19e7998aac61d465fc46538ee9142acc66786f4516ef4105fe1d80372
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -8854,6 +8858,7 @@ Nonce.14 = de2186bafa82b0d08a0b8215e3424512
- PersonalisationString.14 = d96db27febe22db935b117dc3068374e39c5b2119b497e3c1d858ef649e01de5
- Output.14 = d04435a8aab397cfcee5151f7aa24298ffc6eee4f577cda42d5e154b8d28cb2f0f945f11a15ed5b76486c88f03081cfd262d94a8e0b332e3c9c608461dcc8eba20d7db209810d25c226fda9fe218022a9b2c96876cb16c06c0553dd84ce57e20338c3d3e03c59ce22e668e25c2c50d5cc9afab91f50a28680964c2dacb9d2fb3
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -8949,6 +8954,7 @@ AdditionalInputA.14 = 5d9446eff72d59529a90b498d8f40983b3b2904f63664fc0aa1de8700d
- AdditionalInputB.14 = e19707aafa391e8622539d52a05d930292bd0f7c17825dbed5fb7a2f8734081b
- Output.14 = 6ce2ae37349cbef9ebd1f9b85485810a22d430d94abf66912dd7b6cc751400e777be2f1cebc19d65694a456b2c6429cefd95eb934030846708d50be3b274c2f7de299f3c311038491f271448c7d02ff51de048fa1184e8ee06b7b46a9f123daecbebae4a2183dc8eb6976abf0dae7cdbea6017cd1500f37dfadcce0c1956ea87
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -8999,6 +9005,7 @@ Entropy.14 = a7a1dbf7f828555610197e71e0ad563b8691589c5289ced03e9ef83b6f9ff938
- Nonce.14 = 4274788c5d80e26ec1ac3a57b9c7c0df
- Output.14 = 5a907a26c1ef588219d4c69fcf4c5c283ab148a77588a40b323bd24e6dfb29551c4b6116c4d61349f5f8bd9ed497f38b239c37283902beb3c9700c768fa289ee4573f92316efb860a5ca4267b328f03c13138b774b4b9f7516003a699f7a0854a0efb045a5932753a771c2cc6119202b33336f10edb715bcce1d20ff503dda01
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -9079,6 +9086,7 @@ AdditionalInputA.14 = de1bbca12357943b4489cc7209b3f063b51b91acc168ec5e0ad88048b6
- AdditionalInputB.14 = 6ddd9aba4f100ef902ba50adee53ef44a4f45564c13e774e69557e36a357e7cf
- Output.14 = 544ec80a966644454886fb97a0f05eb6a4a25fcbce795b5e5b27ee06ba14b7de18dbf54f80a670b87c76c336ac9af16c8958ad6c1bde9a97aa4c1ab5823d24a53c64f6766ce6eb9b7085cf7282499c37fc1e2e825f53bc357bf36d5901e0ae93cd3bd821fa18b5aa17548560f7ad6ef38124814fccf9b2b89de61cfc27c7269b
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -9144,6 +9152,7 @@ Nonce.14 = ab7843b73ecb4858f2cc5e9dfca803ef
- PersonalisationString.14 = dee559515084d8ac49c3803f09f3d5fed3b307946a2752c267677f22786a0125
- Output.14 = a12f5e8ea3bb174934c15e5d114ba615da33210c98c38d7fde4b5aef9aecdeaef311d929d7fece7fee11db67134c3326b413b8dc17766ba4fb881105db68688b148fd95d812f6538b14f25afaae84d39025336136d270bd643f2a6c7164930372fb1c8f4f0dab60283e9d8d3440ce8dc66761c5d5c4c13cc3a367feb4869b559
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -9239,6 +9248,7 @@ AdditionalInputA.14 = ead8c0dcf4ddc909aab96eadab509a46908ee5f090983af609f08d8a8b
- AdditionalInputB.14 = f357bda8f2048929a4e31969ec978cc333d58b4fc09a8aa1b73ec9bdfaa1a8f6
- Output.14 = 901aabb3f065be08e2f8072d5d3ffcb28ab291420644e407e7a6a3346b75a5be535bdbdd5a8245998689450292df877233ef0783e0bd1765413193790995d884ffcb2c8dc35fe4cfc12def2f091866d735b1dcfc9d8d8c26903d50e9397b1bbd674bb81fc908361b2bddb68f02031d87588cc3e94210422674e93fea6a5329af
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -9289,6 +9299,7 @@ Entropy.14 = dfa94c198483c5daa046f1dd1e4e83f854fd6c5cbc3465f671bdfd36837779ab
- Nonce.14 = 298de64bbd817d009a71c1424ae839f9
- Output.14 = bfb9a54ce31406a82608aebc826441f8f633813a0c3bad723b802f3e905a6ee3512ff3513062aea51f93be17aebf1cfcd81868e85db3db9aa98680f974001fda8fe6a644f5efbb9d6e52e99ff606ef1ed7cd3b17fa6c6844790ed58da6df61aba0c200d7dff943588f4520891798098bddc65797b2f99c05efa090c60dc48a4e
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -9369,6 +9380,7 @@ AdditionalInputA.14 = 066b072d48f6cc6bb00273e0bc0ebc086235fe79af1fbdb46318f56c62
- AdditionalInputB.14 = cfb58f59c6d56993b9f0b5ba1643554072cf4ae8013c236120044ae909083f5f
- Output.14 = d5dd7f55ffa7d53fc0f679cddadeb869f39b29a6d394c9f1185b11ebefbcb43419c6a26ae3c9ab9d456e2cdba1aead05e67eabd3596526ee431ba7cab7f94838062fcec2363cf0e19849ffef30064263b3a059ce38aa02c2729bff5af9450e035161816724163906112205196c642bfd70f36abb4639fd6e4f7f6a879ebbcc62
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -9434,6 +9446,7 @@ Nonce.14 = ea7d3c3b8f6da0667d7f0d543c68d7d1
- PersonalisationString.14 = 86c20a7e794c887898d5bc00e98398276a4e3ad8d674fb808a63a44330490d2b
- Output.14 = ee8e21ff48af611a17d33e130f4e4224330efcc1402b6d55aaf1f514553b880f18df68c0e4279854eb2e9b904c552f69f0e1badc347ebe336b70456f221e07a2fc78df72551d99df3755997029ee1461e2b6e396370096d7e8c2dfceb73214a72ae2b25ccc60b92dd71988eda811ceac4b7c335528249aaf82826a14c142007c
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -9529,6 +9542,7 @@ AdditionalInputA.14 = ea12ddcafa4f578b8b43337508dd8627844d185b10af7de7e907d113c6
- AdditionalInputB.14 = 0cc670275cd2b0eac5df123eb1fd73c2f2b093b76806943918cf49930fa97515
- Output.14 = 88dc727007c0e03c8d27d00c87876f8990b271964a5275f636ecd7f18cac9c869e5f9df5fb2d34e7f89c2e9819af562a706a03d9be9318896f5ab16573aebbfd94a681cbf27e7202b8674437667893246c267785d0deca5033de88a61bf5158177391c2e3232ea6f812c468d5629ed9f89ad0bec0f6c7a469f56331f9eba1cd2
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -9579,6 +9593,7 @@ Entropy.14 = 6b9f904ac4b16d36e06a1bddc501d7ef98d5685c1ceadd0a6e1622e0c1e73716
- Nonce.14 = 4a42f39e5a241a2b96db29055159c91f
- Output.14 = 785014b0460831b7b67346c6997217b0f6c8e7313687ea6ff4d0b09a0786bd6ac362a0b1ddc6ab8c9c624625a379cbec7f11cf30ddab23cdec054b986175cdae0ca4ba4610e0711bc94e9ab706539d5fa2c1a4fd3cd49042696b58dce465f8e09a200e7d214cda357021c62248a01aeb95f8ffa8bd49d354fdccf4c71eec3491
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -9659,6 +9674,7 @@ AdditionalInputA.14 = 147d51711ae8a420f165db0000d9d0cb9e9cd5447311eed43d7cc9217d
- AdditionalInputB.14 = 2910968bb1976a1b8ced116e673f408da6fc563695c918ac0a230b0bb800c707
- Output.14 = 357a7269b30ca744e213d894f5c45d0db9fba897e0c863a56062f5018ad9be9f37b8d550014ed68f2c34bf5195c0b7460df171ff3bd4a590578670c92470d876c8de19d48a6d7fa15fc7996be78d3cc8a5c657439f4bb9865bd56e187d5df2531a405e3e0f4b87c611aa8e226b8b0266290f06f8062456a7a4bf0896e4ddd948
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -10995,6 +11011,7 @@ AdditionalInputA.14 = 23e4e6b0e0c1b28a6f9731f8b09960ce7adac17527b3bbaca7c811daea
- AdditionalInputB.14 = dc7fac6aeded9e17b5bb5e2bcad9424d42dc07e809da59d52caecba6e75ca457
- Output.14 = 5a42b35cf1b72d2520d92719a94ef1a7ca5b6d6c7eef2de25c8ea44c1fc3a9a5ff2128f47bbe58084a0c7a3fc790626eff5666b4c1e68fb2f53de3370b29c398d5067b255f5f7f29fdb0f8bc256ee3afbe78a33981626837c55f981e56eb2e1bdd89ca081e48f6da7ce6576fbd37dbd57a3f41cf410cb375614af239f2e10218e777fb97a55d9cc73243882b8d8d2a2c812fbdeaaed90b5bd71a274b4b171cd7e661912c9b3de1714a3fe4931d8fc7cb1c9f64f4e37d4e5dbc31602d2f8699e0
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11045,6 +11062,7 @@ Entropy.14 = 471746177fa3ebbc1f1e06fa42d61d5d491abc82eb7d66e749b87d562a7eff34
- Nonce.14 = 42f8a1ee9b09940e9e1dc64f51a78b4b
- Output.14 = 238c9889284139945e657d2c4312ee3ca2013de69be10bdc8b90d54867889f2c15c6cc933913457d4f5a00bd52b0216d90c56bcb341dde7496218861b083f80d8c933627e19b7bd8b73d6dda1bb0b2b0f1f90e2b453cd063938cec3a08f34e5581c1322329d87709e552a97e8a8c8e8e598a5c5cd6623ad1eb9f7ddd12739b1d157b1020cb8cef19402938d31b74e490c0ce75a9f57a17476df1cffa55de73bb8151071edf396c3b9e4607b07c7e2b45c249f5a8194cca1e97af78be47cec0ab0096cf588f3d4432393a8f5423a165d585e2e5f98fe47510d9415418aba28aab1193261036214c35d8ba04650b4539be6b9f7377e3c75ed236d0e69cce004906
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11125,6 +11143,7 @@ AdditionalInputA.14 = 4b69404b80b6f2fec36a7dff1b194a228761694129efa6c6b9a044f553
- AdditionalInputB.14 = 519c4cf1b30500f729e5426d76373c291e26cafceb594c10c96bdb9aef4b42fa
- Output.14 = 53568141a5c09b6b02ac4ab674d341aa6300f8be93c0f36a7376a6850abfce068927510a1b98301aaa29252cfadfe5a2f241abc677e9e70fbca287c579acd276c2eec5c8b508f2b119a40164c6a12c0e0ca1d3d53595bbebe32fda2eef2b613329a614a28d3b374a7b031b49dba74b465a7db60a8dbdcc9e952ea143e9d5a3a651c1b0d6dad79341a7c3fd5816933f2579cc005f3c5655eb8d3f9d1e4562a756ecca3fc1d688c9824391ec8444c6024774a295c44c17fe592694dcf41f305f50a16e07fc28e247bb3d9dd0c52c6fde79df84c8d521606cec9a55f909691f5cfd797b69304dff5b60ac816b0d5046a47c2434127da1fbaa86d2844f5164a9dbdd
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11190,6 +11209,7 @@ Nonce.14 = 8680d7b3f0a8ae576bb0f75364b463ea
- PersonalisationString.14 = c0bf8f2ca4efb48b8dca73ca7148da3cd5981c5a459be32db5a14fc7762c68d6
- Output.14 = 269b3b656e58f9aeed32c80700d9d1b863b0253b3b33155cc0849efbedfa51cff82262c9342cff7f1a7a58a5954fe66547baa1831fee55ae0d322674c6c784095f43b30c1887fb9fa5e7e7f1905da2808ab810ecd224ab403b6f562bac54e65cf7f0473991ce7d7cbc1a669a022fde3141a9880d974b7ede2fad24a3263570443cab0e8017d242fb4c2032dc8be56d8fc1e0e8f92254c7480e4941259ecc29ea47a1d11e074148b259ff95a94711d767f0655f1e0574dfdc4ae4f27b12015af86aefd36f6c10056c3d83e639e3641cdd8ba178f7779dcf502bab3d7588cffb72f6489981aaa7139c255df0e76bf6bba32e4f547327da4597745b15042869b2c2
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11285,6 +11305,7 @@ AdditionalInputA.14 = 64278bb6b8224b93c0b5339726fb752f6d81e85b204d76376d99779ff1
- AdditionalInputB.14 = 4995815c060c80e9bead55dfe823b869862bd0e5b4357afe810a53c68d4b0e7b
- Output.14 = 9b4249e1e692153ecd20e968f86eb31bf9a22d3671d0ce9d3eea243bfc70890644a95d551cb9956cc3770e95c2f14ff154760cba1b24c51c41f7a961a4502aa053068751618eaaf743e0d37fd41ab4969444519c22c8fd96f9eb1be6ff3ae01a25abba84a259dad8bbc78f47dcab3ac2242e6974a56454999b4c59243102b731fc4bb4e01c92d36f232ca8cfe00fcbc0ac200c2e403d17d5d1dd3d6c2095ddd15ad58a070f18b69a5f5d3f240435d298bd48bd9be028ccaeb10997f88857a848882f51a193522bb0b979b37b5508775fe150cab8ce97c0760b7418b5bbe496562fe639540e77c1025c0e191fe000aa5d1e49bf02a5a3c6f46b40dd2c47786d45
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11335,6 +11356,7 @@ Entropy.14 = 337373a24fe76f025575b3dbd7eeedd03d3459d6ef44cd53335a9c4963cc45de
- Nonce.14 = ebbea7e8e1a3a45c58044b65ab7688b9
- Output.14 = 21ae4510a133fa0906c873eb73e00d777b68a45a1de8759b1497f5146f0c45cf612b02e972ec93ebccbb85c9adaf0f5942fcfbb3b808482f05497f2f4734dd6d42c8413e1bd1bad10463dd4b4cf29f1662c15efc6d24955b1e54a60508d9ed008c9d29f8a6bddfe564c21473271350137452f4601179af37e19d553ec738539cfd7a8df17f07e1f9db5df776256e3c00199997307de394a8ba41be2829defbd8105fcb3cda215219fecb607eb1e7137a29eef188ca7eb349d2d1fe27edc2526ccc6d8f1af7eec9c06910f3909907f966d5904b32577f2715cc32ac08f1b5e25a734716ffddf60c57d422b515ce817b605ead2f875db7a789e351b660704f0cbc
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11415,6 +11437,7 @@ AdditionalInputA.14 = 771e91743429c40a2e3ececc9a3d73a92336c9c988c5d9dde47563b631
- AdditionalInputB.14 = ae1a58611aa54df3c655a1f20985552ed9e3610e92170a0de1a4573a5a1f93d7
- Output.14 = b2534bf690444513bdfecb35bd616b0de47b7cca7f8ab9c5e823b468da62855601b59c6bb75cf34fe3dbc7f795536b9619d243c0f6960895d6710130fbfda2a0bff803e856f1cf21a63e86e59be0d6da7516b697e9ff95c341913ff27c8abe10e6af1b7ad8dec9f7aab46b8d35c103f9bff3016b39ec24026a7b582f6e95261031f734e29a1b64c65639cf238381e5f7e31da624ad24290930501132c860118b6c59052aaa7cf982486219431311453a431a1cf50deaf068e2f9993c0ab851c9aec72be8f7c5c57ed03c488befe6ffc256efe6db52b7734c042b69a5ed74e2593c4788c5fa8a03a5017b927bb8f1c8262925d734c5604639a9b441187b0d95e3
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11480,6 +11503,7 @@ Nonce.14 = 78e7f6e9e8e1511bc0ba7f230b65fe47
- PersonalisationString.14 = 37544eb1992fc569ff259946d639a00230ec1196c5565b8f9da62d9ce552e09a
- Output.14 = 0ddbb84e21d4d7110b933bbeaddb35ad81dc1f331ac8293695b30924f2713eca6f93a13d520da4486f32a12412a927d00e3f27009a944056a5805b0e050f5bf6c6bd32c523c1d607d6e3e97b59fd059a610d664396f69961599ce7f0a0cbd1dcff15474ac267e36c0b871c559fd13b7ff0c3fcc11ff8dac26761a42697c3744981cc5c5ac10cd0f3b285c4ceb4a550ecead095f90fb6f53aa302218ede7ed5ae5deac91a83f957d15ee901746d11777b23c327ee811966690f5f253c7c314a2bf2bea73ca46c6c8cc332c3493f9d023029d762fc90e5dddbb838f2225c521f196332812570a17455b3db45306aa9100ca83185395435137a0b961531cbcafc03
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11575,6 +11599,7 @@ AdditionalInputA.14 = 8dab17e96142c890eb16981b97364223e815130bdb0c0c284e50dd3349
- AdditionalInputB.14 = 1439e2d19a99703fc35607b5bde55331eca67b2b9a9f7587ddba0dd1fe690ab2
- Output.14 = aa088ba4682bd2285e90c7967a7b8a518e0ec45afd490d367022893e3822c09d967d06ff28748b5de3fb33b071b73c581bd893b6641a72cd5db35540b904eae19765cc121ca4dc9404530114c3369fa80d20dd63c8c09559c4be48aa26ca77b47579dc52fdf0eb2f2db84ab688b87f63097140aef65410fcd7a81c2bddb2c92f9d67b2e46647aadd9b85c9e17ff8b579cd672708282981ba54d854e7c9a1de66621845ae2d337a90025ccbdd1b0d695790b1f977b1e944bbc04d16a9a399628bfb33f98b40e13567514d8ce0b23340803718ea3da44fa84c923f2a85ba21495c2f9541cbe8cadc0b230b1b942e934eb4fe95c3754a77a09641ad730a550fc24e
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11625,6 +11650,7 @@ Entropy.14 = 5f72e390aa960846a0004d266e3741b6fe0aaac98d9d87b4cbaaa7a2af0d0bdf
- Nonce.14 = 2074991cf0c22cd34b2de48ea1f9ec66
- Output.14 = 7bf54b69e455c7941e8e24ef59b5525dc1ed3b7f934333713b9dc305dcae2cd1b74648149e04bb4f4e00b110926a6bfead7adef954b6d7e180ff820192677efa3c0c8af6a3e201d8d555cc599cdd2626d8778ea2c7a2a8e0c99e719929ae9ac4fb9a7e5176da8987508d1152909f456a4ce9461188e264cda1c879af1a8cca6c182e73c164986cbf07f441756791fa1fae40b784800335d94b0b54135831044bf0cb5dbb5c0c71de6b6ae33d6b87782d34be3cbc2991ad109d6c0440916d91baf96c4375ecdc9f09dca79671a45309c408062cd08ee623c8de007cda3b3d110425d7e8fee13b2a14215033d9ea2397cc6b5c995f37273a00dbcdf9437bc77857
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11705,6 +11731,7 @@ AdditionalInputA.14 = 97f8c1e98fd25289be846d80f667341a095dfbabd610c691ad6b2b901c
- AdditionalInputB.14 = 136912d2805ab8ffcb4e7d6a81e37e14b7f7bb65dd0241d56f11d7c72dd5de1d
- Output.14 = 2e1f4954107f3654f51024f032518ba91512c9d8005265ff35248487b8c87d8862b8caaae27898a22f9ba7a0297fc071ceb6a1612bb99c0f15210a11f5a0725158832996f15106a7c43a216f90501c0dfb36933be940a875d4f6b0e5c29edb01614a26cb3ff7b906762fd6435eb7cec8c88f5fd7c4d76fcb018c08987108117c95d4d35c1c59efc06358c7abe7a73012ae4440b2ec86c3664e5549b8b0a30d6c8538d6e5151f9c17f9ce026556508b8b3d926e4364839bb526a94c7d8abf4c1241cd844bc6227a01d024affaedd4701129fb0f9b5ae853c7085ca13ec78ffa3476ddb1c1e71942c351c3ce9a855ccfa4c3c7f92b59d5b67e8eab16b699b7ed5b
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11770,6 +11797,7 @@ Nonce.14 = fe9dfa1b683fa9cc70b7c7f8c81185b2
- PersonalisationString.14 = 7e86cf4111fbea8fa9b180a1bd9ff3e9d233304b1d293adffa49ce8e77f400ab
- Output.14 = ca0a6268d034f6817edcb6875b4754b5e9b2061ce0bc2bcd27c28065d8258b40ae63bf6d1e15521196da0afea8139c10d7bf3b54694a82d24476c578991fce1371e40b78087d95b1117650af7134567513a017353bb4af85cdc98db757cec9f92df42b7323b1e5d05387debb02750683a5553bdfb5f9fa34e14d29e09ad18bc6ef2380c173a19631abde085369ff47fa8b4fdfebe13b95b90c6f5841fe5aa6334edcfae26c13cc5d14d17a02d684b64bd55841831bde4c75de7d49bdc1a405d4e3e0d327bec44644e972349a49cbd48a4d3b8e984f5847ffeba950fff55bba9b287d51d8475f7799752208da31d91853fe6d04d97ea2a33d53b07a4fc787be2a
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11865,6 +11893,7 @@ AdditionalInputA.14 = 91e14e178a033e26e6f6a0b0f3890fa46f83731a14cf31445c51a92166
- AdditionalInputB.14 = 20299371a1de6f994260d1c59c1d3f731d8f70fea6e9389b3ede54d47594414d
- Output.14 = 1b4efcce136b40bdc792d1607d4ab4fadc10d5e2b22eacca6f412d3aa1c60320bf825778e7ff8296db9ea360e068350f90d7d4947dc9a2e2a4074653458784059ceebf2a97db0e4a29f7c6107783fa3683b6846b8c8ce7161082405643bb84d602c6c36ca79b2b6562417f0d15f46a4fbdc445d50935f49eedf01bb131d104385369fdf88d91518618134a37c5bf73140400cced73795910ad0d2a89db2d79355ecedbcdabf135219d2afd7ac28cd7e45c6fd4e913ce5d464fd6de6e4c62b76ff86c28b0ab27a3c2622cacec075c790a7ff2f57f99ccb89c590a1dfb5a1862200c9cdf97f94eef18ddc85cf9830be662cec1885a629a6603add9396fb26341d9
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11915,6 +11944,7 @@ Entropy.14 = c5ebb2ae08a03815e496c2db1e2a650b40893ea78fbd7ca8434edcde4432a43e
- Nonce.14 = 0cede46aca7d2a60f2e98eb3c7d1dba7
- Output.14 = 6d8eeb5ba130de7dca993b44b46e08894fd84ab8c347992aeeac56ce5fb5f435bba92f1129aaf9b3035aa117301a1289acc222cdac043dac58b62567102dd5a57483d79fd703e188a0fe47254bb20b361281b5b8cedded86ba9b6d86deb30e539eb7ee007131ab2af99408f38ec7fd66bec4f1ed71251c149dbf8393b6dbe96cdeb9a3b5ee065ec8636444e72339ed2cb27fbbe5421f7f141940d6fa1cf570b8dd0393625ae16b10df2f1f6fe35dba15a732357dcdf4f56abcbb47a4640dcef618e27d049e27f2af7b8634faad00280e004cfe3f52d63185eccd6c4937a026830c38e1ed6aa9bfeaf739416706f63bb8b1475ac25d734db28e39163aa0c69c52
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -11995,6 +12025,7 @@ AdditionalInputA.14 = def9d8f7b18023b69c6cd4121c0adbc2a89b3ca37333d4523261d5eb20
- AdditionalInputB.14 = 06051dec796525094018b436605bd2ddd66359a2836a5996e8262bb7763fadc0
- Output.14 = 29e8184e37a5c26670bdc95c842c602ed8b0cf102ca144133e8cc841e1dc32fd038a72c26b8be8a568db60a4cfbd52b0d8b74cdf180a4931d6dd19a255104db105b3366d75e8f6afd0e5fab4dc14f6deac82e7703eb6a61f22b79bdad8ac7fab95a58a71f80fa510542615c305f7cbf84790060f17e7d78ab5d4b0ca34fad47133a0627b803c1caee3b97fe47626a8590672e2211f39cbe1b79d1999fb772b884122c8e50c59fdd3de13a53e805f40f8aa35501571a4c4cce79a8f738e60a43a11afdbed94e26f474ba5cd6ff5cdaf00d0fb84109aeb3510f1ea576c70ae78cdd0415a0521f3ff4083f9160011dcd6e2802cfbbbdfe9c4a3b114dd47b3a6cddb
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -12060,6 +12091,7 @@ Nonce.14 = 7b9a876017e5e14bd6a19719c73035da
- PersonalisationString.14 = eb97028b093f820b182384baafa56ecf196dc11ebc515a405ac24f73e465ae9a
- Output.14 = 3791ee66e505257b0bebc4319897e80ea8a70577b8a85d809cc7e4c77a458e8517368e2eaa7c0623b91ab3ebc4de3240e00e5f0cd20524d73b8000f00a3cecf869bee26763db9689dfaad9b5f21e3975f750e0c6b694d7df35fea26b2ff3c2bc679b5ecaf129320dde8245677aab9fb54b8faa97d394adae687a35b00f026430ef29bc7226957dac5edbc4a70dc82fcac00bf89d97e11d2a3e6ecfc4af4536c329ed3f4dda201db47236b03f30daf71e6368a18ab6224a023fca2ead589d9ea165d66fbce2b37a630d18ef1c97a619cd8949f16f44a9bc0f5837737d7fa4355587af5ab452f53fb82dd8b8b4706cf04e77938d7e0c3a9744c353edd0c6931591
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -31145,6 +31177,7 @@ Output.14 = 01f11971835819c1148aa079eea09fd5b1aa3ac6ba557ae3317b1a33f4505174cf9d
-
- Title = Hash DRBG No Reseed Tests (from NIST test vectors)
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31195,6 +31228,7 @@ Entropy.14 = 6fe9597b59903b1af4012a15368af7b1
- Nonce.14 = fd3e84b3a96caaff
- Output.14 = 1eee4c786476d488e58d0e065bb025db548787fafbe757f29ee2bd4781cf69216091ba2b68919b54ad3070ac72a2342320eb1e697b9115acbe07e194d060562e4d0fd966ab29e2c5e560574b2dac04ce
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31275,6 +31309,7 @@ AdditionalInputA.14 = 93dc424bd0d266879601745a23317141
- AdditionalInputB.14 = a17321015d327c5dc0bc1e130aad81ee
- Output.14 = f682834b5b492e09ff8e0f2c80683b032a3b262d16bc609c550dc0e74a4b7d8ebc0e3b8f2c9970d90aec9a82497dded20422b17b9e3cc3bca771cbe717ddaed5a7a6ae2601c7f765eaa719b71624e83b
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31340,6 +31375,7 @@ Nonce.14 = fa9adae924417150
- PersonalisationString.14 = dbad22c389c527715d21a5bdf38c1fad
- Output.14 = a18d57e672218956e6c8cb9901d02888f3587177c3e11e1a99ea72370347b953a9f122c9446dfa109723b27f36fbf15edf103a56741c24968592479cfe30bc0053fa7b9818e9debcc494db64d15d038b
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31435,6 +31471,7 @@ AdditionalInputA.14 = e488e16f48c61dd2152afe925eceee92
- AdditionalInputB.14 = 12c692abd90ab485f4d9499680a6893f
- Output.14 = 8ba04617a135d8abe0c3c0a170e7472e7ed750eac706e5c3ed8305d6f6f8a1a53e0c52d4853b21ab8951e80970b426008ae11952ff364817b6856ef0810860dc65faea487b5d7c3f3d63fd443756d2a8
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31485,6 +31522,7 @@ Entropy.14 = ceb354444d1a29c0c3e8a1cc24d02846
- Nonce.14 = 86d3fd9fc51f8b19
- Output.14 = 6f90ad611987a37bac54bea0782ac78215b7d17ecdd3991a81a36d0e263c6f0dda2c102cfba56b26c7b74b5dd2548be9bc81c7958e9d19821583c6f388132b9e19ae7609add9a296c1e92d66a2ef5464
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31565,6 +31603,7 @@ AdditionalInputA.14 = 32d09b604a65dc8daa35cdc34141b751
- AdditionalInputB.14 = b8186a294c7824b7c550c1054badec00
- Output.14 = ae9a091cfafbf0e74c2be8ad4b984e824a24e65ba7610b0f3ab1750e2f12de1620db6bb8c493b3d8b06ab78e69cf2dffd73d4322a67ee7725aad84fb458b8f26cf04846850202e53c874213221e761e5
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31630,6 +31669,7 @@ Nonce.14 = 8368ee0e29d35c67
- PersonalisationString.14 = f189a80d5619f53cce878ed57522a468
- Output.14 = aeac5933065c33ce2ace2531a193e367f73c83fc328f61ee2627f6f3841914c6b8a3ff767f96b3c3b685bac931af9ec10c6f3efe25b5109bb647b120e3a3f6971a4ec41f4ef0c7a900fdb09d7ff3b247
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31725,6 +31765,7 @@ AdditionalInputA.14 = af578fbbb8a830947e9b4e2c9e729336
- AdditionalInputB.14 = 5a69864ca39da1ba4719dfe1dc850a4a
- Output.14 = 8b846f03cb66f7e49fdddf7cc449a5f3f6ccdc17ae7e2265a5d0e39ea10fc3e6cffefc04147b773a1584e429fe99e885f278aff74a49d8c842e7ccd870f1330692fc9c4836dac5046c544be74652da26
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31775,6 +31816,7 @@ Entropy.14 = b7ddb82f5664834b4fb17778d22e62f2
- Nonce.14 = 52461924becab175
- Output.14 = 8735d06e26814ee54b5daca4e1da3e321a5a19b062ec0c3afbe3b16f23332a687fadb29e65208130c3d667c075660ff70aea96430fee254c472686b8e82ca359a57bbdc3004bb3eb641c1f97e4b19e02
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31855,6 +31897,7 @@ AdditionalInputA.14 = 7725ef70592c362d70b088ed639f9d9b
- AdditionalInputB.14 = 5ab2e0067c3b384e55a78492f0f6ed44
- Output.14 = ca095da39d9c21d7da073d9c95d2e415503b33c327d739f1838bbea4fc6f0254fdaf8ef6152e9263f46b864f39c7104d1d337d99fee588061152e623d7e00a27e03b5d16fe6e543453a31d4dafeda3b5
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -31920,6 +31963,7 @@ Nonce.14 = 4e838a124e4b53df
- PersonalisationString.14 = 163e393b290a4d390ab0beb392f52d26
- Output.14 = 76234afc296ea36a44254f999ac31fca258a24427cf4bfe2c54495fc41478ec4a00b540659b3b9461cc6188bc1f57c19ae414bd18aa81eca7b9d765a784f0ef24335e46c2c77b8dc915f5d12c26bc653
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -32015,6 +32059,7 @@ AdditionalInputA.14 = 27486f8dae1b36462639ff7eee869a29
- AdditionalInputB.14 = d1bfc7eabd8eddf622297012169f351b
- Output.14 = 4c893c3d1ed3a190fa88e159d6c99f26a02fb5fccb98bdef9fe43f1f492f490109224ba6c317db9569f618984409f2fb3db0b1e2cd4b95746f159cca76f1204f6d2a4c455c547a39a5f79fec95c8f4cd
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -32065,6 +32110,7 @@ Entropy.14 = f484b922f492d19b58407c242ab90e76
- Nonce.14 = 8952a0a4b666b0c8
- Output.14 = 2d77235fa273cab3c1bb176d44817cc25300b3f0172a0b5aaa66b282c015d426edec5f1ebbfc0269956b85994167992a71002586923ea234be6c5df09f47d89132e440827b89f7ff97e032b3f74fe32f
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -32145,6 +32191,7 @@ AdditionalInputA.14 = 9e3ea6eac120d663e330d282ca9b9d7c
- AdditionalInputB.14 = b8d71fce7779a9906b9790cd1d4e48d5
- Output.14 = 63d28a300a329ca202b98498c9f46912620bc85c246f034dca4186cd9b0e0810a363785878effde90aec8cb584862524eebf940c44fed21cb580d4115f3e0dda07e0e4a66689c2ff3e9b87edfaa4d051
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -32210,6 +32257,7 @@ Nonce.14 = 7239f92b63fb3dbe
- PersonalisationString.14 = 8d2e2ca3985bd2538a71f02cc3eb5568
- Output.14 = 0e4cb328c03faaedbec7215725851069bceae4332de6a70e3521dd065f2f7923485969571ebd7f24be460fd901c6b3e356da6ee5262ef2d76ad14eb0f697f8fb92af2f46630198c5f7018860886147b3
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -33481,6 +33529,7 @@ AdditionalInputA.14 = e5c633ca50dcd83e0a34d397df53f6d7a6f7170a3f81f0e6
- AdditionalInputB.14 = 5f0beb5a2d2968e83ba87c92bfa420fd6e8526fbbfdea128
- Output.14 = 8bec11df1022aa50d95daeaf23d78d6ee45c43c5768b90181e106c7df8ff333d7cb87ca1ab83f8742370db1c8c0c0c22f141ff4de33ae8bdb14fee7e6c069819320629c66d94c7c97ff52930a3c1dcd501b60f0f84bda4720ee187ae858a6e068326eda5809716e366d1b608c61b0100
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -33531,6 +33580,7 @@ Entropy.14 = 1194beb668839c47c73e7516f9ba09d23dec3553b3b5532f75b260106dcc2abf
- Nonce.14 = 3c8a77351e93065d584feeb08c8424a9
- Output.14 = fabd48bfcdd07968239fe538c2d8c9bde2e257b9b244078f39287c7ee90de167fff56a693c4e64f45081635511b5fd031c0270a31b4a014e44c0516a55ae72345aa11dffcda4ccf8cda50f6948d5ae425d8d53ad5c74cef1364277990156796e1c5dfa1ef095c0d8983477eb24241135760b02c86c86d4ec3627edac8c1a7e32
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -33611,6 +33661,7 @@ AdditionalInputA.14 = 626385595bef7103af0af700e1df048d7572286af709289b7894d2ab09
- AdditionalInputB.14 = bfe8946dbf27d3a2127ec600351c3920d2531eb9419408233e0a888059b5eb68
- Output.14 = ee6d07661828213e6453d94faaf76345c70949eca4965714c350313b0bcd8e079e6a07f8b2f7a91bcb7ef39a61568fd1c40ab78f154b3582f830095d571de29f81f9565e46b560d34c32bff55341a991f8e863bd9242c7cdd366be12538bb6922f1abfa19e7998aac61d465fc46538ee9142acc66786f4516ef4105fe1d80372
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -33676,6 +33727,7 @@ Nonce.14 = de2186bafa82b0d08a0b8215e3424512
- PersonalisationString.14 = d96db27febe22db935b117dc3068374e39c5b2119b497e3c1d858ef649e01de5
- Output.14 = d04435a8aab397cfcee5151f7aa24298ffc6eee4f577cda42d5e154b8d28cb2f0f945f11a15ed5b76486c88f03081cfd262d94a8e0b332e3c9c608461dcc8eba20d7db209810d25c226fda9fe218022a9b2c96876cb16c06c0553dd84ce57e20338c3d3e03c59ce22e668e25c2c50d5cc9afab91f50a28680964c2dacb9d2fb3
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -33771,6 +33823,7 @@ AdditionalInputA.14 = 5d9446eff72d59529a90b498d8f40983b3b2904f63664fc0aa1de8700d
- AdditionalInputB.14 = e19707aafa391e8622539d52a05d930292bd0f7c17825dbed5fb7a2f8734081b
- Output.14 = 6ce2ae37349cbef9ebd1f9b85485810a22d430d94abf66912dd7b6cc751400e777be2f1cebc19d65694a456b2c6429cefd95eb934030846708d50be3b274c2f7de299f3c311038491f271448c7d02ff51de048fa1184e8ee06b7b46a9f123daecbebae4a2183dc8eb6976abf0dae7cdbea6017cd1500f37dfadcce0c1956ea87
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -33821,6 +33874,7 @@ Entropy.14 = a7a1dbf7f828555610197e71e0ad563b8691589c5289ced03e9ef83b6f9ff938
- Nonce.14 = 4274788c5d80e26ec1ac3a57b9c7c0df
- Output.14 = 5a907a26c1ef588219d4c69fcf4c5c283ab148a77588a40b323bd24e6dfb29551c4b6116c4d61349f5f8bd9ed497f38b239c37283902beb3c9700c768fa289ee4573f92316efb860a5ca4267b328f03c13138b774b4b9f7516003a699f7a0854a0efb045a5932753a771c2cc6119202b33336f10edb715bcce1d20ff503dda01
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -33901,6 +33955,7 @@ AdditionalInputA.14 = de1bbca12357943b4489cc7209b3f063b51b91acc168ec5e0ad88048b6
- AdditionalInputB.14 = 6ddd9aba4f100ef902ba50adee53ef44a4f45564c13e774e69557e36a357e7cf
- Output.14 = 544ec80a966644454886fb97a0f05eb6a4a25fcbce795b5e5b27ee06ba14b7de18dbf54f80a670b87c76c336ac9af16c8958ad6c1bde9a97aa4c1ab5823d24a53c64f6766ce6eb9b7085cf7282499c37fc1e2e825f53bc357bf36d5901e0ae93cd3bd821fa18b5aa17548560f7ad6ef38124814fccf9b2b89de61cfc27c7269b
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -33966,6 +34021,7 @@ Nonce.14 = ab7843b73ecb4858f2cc5e9dfca803ef
- PersonalisationString.14 = dee559515084d8ac49c3803f09f3d5fed3b307946a2752c267677f22786a0125
- Output.14 = a12f5e8ea3bb174934c15e5d114ba615da33210c98c38d7fde4b5aef9aecdeaef311d929d7fece7fee11db67134c3326b413b8dc17766ba4fb881105db68688b148fd95d812f6538b14f25afaae84d39025336136d270bd643f2a6c7164930372fb1c8f4f0dab60283e9d8d3440ce8dc66761c5d5c4c13cc3a367feb4869b559
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -34061,6 +34117,7 @@ AdditionalInputA.14 = ead8c0dcf4ddc909aab96eadab509a46908ee5f090983af609f08d8a8b
- AdditionalInputB.14 = f357bda8f2048929a4e31969ec978cc333d58b4fc09a8aa1b73ec9bdfaa1a8f6
- Output.14 = 901aabb3f065be08e2f8072d5d3ffcb28ab291420644e407e7a6a3346b75a5be535bdbdd5a8245998689450292df877233ef0783e0bd1765413193790995d884ffcb2c8dc35fe4cfc12def2f091866d735b1dcfc9d8d8c26903d50e9397b1bbd674bb81fc908361b2bddb68f02031d87588cc3e94210422674e93fea6a5329af
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -34111,6 +34168,7 @@ Entropy.14 = dfa94c198483c5daa046f1dd1e4e83f854fd6c5cbc3465f671bdfd36837779ab
- Nonce.14 = 298de64bbd817d009a71c1424ae839f9
- Output.14 = bfb9a54ce31406a82608aebc826441f8f633813a0c3bad723b802f3e905a6ee3512ff3513062aea51f93be17aebf1cfcd81868e85db3db9aa98680f974001fda8fe6a644f5efbb9d6e52e99ff606ef1ed7cd3b17fa6c6844790ed58da6df61aba0c200d7dff943588f4520891798098bddc65797b2f99c05efa090c60dc48a4e
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -34191,6 +34249,7 @@ AdditionalInputA.14 = 066b072d48f6cc6bb00273e0bc0ebc086235fe79af1fbdb46318f56c62
- AdditionalInputB.14 = cfb58f59c6d56993b9f0b5ba1643554072cf4ae8013c236120044ae909083f5f
- Output.14 = d5dd7f55ffa7d53fc0f679cddadeb869f39b29a6d394c9f1185b11ebefbcb43419c6a26ae3c9ab9d456e2cdba1aead05e67eabd3596526ee431ba7cab7f94838062fcec2363cf0e19849ffef30064263b3a059ce38aa02c2729bff5af9450e035161816724163906112205196c642bfd70f36abb4639fd6e4f7f6a879ebbcc62
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -34256,6 +34315,7 @@ Nonce.14 = ea7d3c3b8f6da0667d7f0d543c68d7d1
- PersonalisationString.14 = 86c20a7e794c887898d5bc00e98398276a4e3ad8d674fb808a63a44330490d2b
- Output.14 = ee8e21ff48af611a17d33e130f4e4224330efcc1402b6d55aaf1f514553b880f18df68c0e4279854eb2e9b904c552f69f0e1badc347ebe336b70456f221e07a2fc78df72551d99df3755997029ee1461e2b6e396370096d7e8c2dfceb73214a72ae2b25ccc60b92dd71988eda811ceac4b7c335528249aaf82826a14c142007c
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -34351,6 +34411,7 @@ AdditionalInputA.14 = ea12ddcafa4f578b8b43337508dd8627844d185b10af7de7e907d113c6
- AdditionalInputB.14 = 0cc670275cd2b0eac5df123eb1fd73c2f2b093b76806943918cf49930fa97515
- Output.14 = 88dc727007c0e03c8d27d00c87876f8990b271964a5275f636ecd7f18cac9c869e5f9df5fb2d34e7f89c2e9819af562a706a03d9be9318896f5ab16573aebbfd94a681cbf27e7202b8674437667893246c267785d0deca5033de88a61bf5158177391c2e3232ea6f812c468d5629ed9f89ad0bec0f6c7a469f56331f9eba1cd2
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -34401,6 +34462,7 @@ Entropy.14 = 6b9f904ac4b16d36e06a1bddc501d7ef98d5685c1ceadd0a6e1622e0c1e73716
- Nonce.14 = 4a42f39e5a241a2b96db29055159c91f
- Output.14 = 785014b0460831b7b67346c6997217b0f6c8e7313687ea6ff4d0b09a0786bd6ac362a0b1ddc6ab8c9c624625a379cbec7f11cf30ddab23cdec054b986175cdae0ca4ba4610e0711bc94e9ab706539d5fa2c1a4fd3cd49042696b58dce465f8e09a200e7d214cda357021c62248a01aeb95f8ffa8bd49d354fdccf4c71eec3491
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -34481,6 +34543,7 @@ AdditionalInputA.14 = 147d51711ae8a420f165db0000d9d0cb9e9cd5447311eed43d7cc9217d
- AdditionalInputB.14 = 2910968bb1976a1b8ced116e673f408da6fc563695c918ac0a230b0bb800c707
- Output.14 = 357a7269b30ca744e213d894f5c45d0db9fba897e0c863a56062f5018ad9be9f37b8d550014ed68f2c34bf5195c0b7460df171ff3bd4a590578670c92470d876c8de19d48a6d7fa15fc7996be78d3cc8a5c657439f4bb9865bd56e187d5df2531a405e3e0f4b87c611aa8e226b8b0266290f06f8062456a7a4bf0896e4ddd948
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -34546,6 +34609,7 @@ Nonce.14 = 66ad2a0d5de624f3d709cc95e5c99220
- PersonalisationString.14 = 6f7f8f1ffdcf859adcf6020d5cffdd8e3e1bdcaef0b22e9e61384b888f1b3537
- Output.14 = 1bc4cd76787f031df8e4f592f56a845f7d8aa200aca0b910e68f149cde112d0f1e127faa7fae25ca4299eacf9e49e132f3e4083f1c5fb0304b714f06cea122bc1392cbe18289d2411ae08642a9196b654a8b177c127b9215f9df815eceb254b8d9b4f632d25d123ceec686124e58b3606ff1ce51fce0752f42232c03694a1d8a
-
-+Availablein = default
- RAND = HASH-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -39331,6 +39395,7 @@ Output.14 = c731cc7b21c42730bd3cca61fc5250b507ad08b24ac471d526f2217f15dc4d1fea85
-
- Title = HMAC DRBG No Reseed Tests (from NIST test vectors)
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -39381,6 +39446,7 @@ Entropy.14 = 5d80883ce24feb3911fdeb8e730f9588
- Nonce.14 = 6a63c01478ecd62b
- Output.14 = 9e351b853091add2047e9ea2da07d41fa4ace03db3d4a43217e802352f1c97382ed7afee5cb2cf5848a93ce0a25a28cdc8e96ccdf14875cb9f845790800d542bac81d0be53376385baa5e7cbe2c3b469
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -39461,6 +39527,7 @@ AdditionalInputA.14 = 7206a271499fb2ef9087fb8843b1ed64
- AdditionalInputB.14 = f14b17febd813294b3c4b22b7bae71b0
- Output.14 = 49c35814f44b54bf13f0db52bd8a7651d060ddae0b6dde8edbeb003dbc30a7ffea1ea5b08ebe1d50b52410b972bec51fd174190671eecae201568b73deb0454194ef5c7b57b13320a0ac4dd60c04ae3b
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -39526,6 +39593,7 @@ Nonce.14 = 296bfe331b6578e6
- PersonalisationString.14 = 4fccbf2d3c73a8e1e92273a33e648eaa
- Output.14 = 90dc6e1532022a9fe2161604fc79536b4afd9af06ab8adbb77f7490b355d0db3368d102d723a0d0f70d10475f9e99771fb774f7ad0ba7b5fe22a50bfda89e0215a014dc1f1605939590aa783360eb52e
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -39621,6 +39689,7 @@ AdditionalInputA.14 = 4de6c923346d7adc16bbe89b9a184a79
- AdditionalInputB.14 = 9e9e3412635aec6fcfb9d00da0c49fb3
- Output.14 = 48ac8646b334e7434e5f73d60a8f6741e472baabe525257b78151c20872f331c169abe25faf800991f3d0a45c65e71261be0c8e14a1a8a6df9c6a80834a4f2237e23abd750f845ccbb4a46250ab1bb63
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -39671,6 +39740,7 @@ Entropy.14 = f41d60edb7749acb68111045000ccef2
- Nonce.14 = bb5fb8962ca3002f
- Output.14 = 262821119be1ee0bceedc1bcfd04f7fa2e199b2a7522c4a3a98c4174e0ac4ddcf7323dee2fcf9fbd2fe26c4fad347f7199be105730441f042865aeef50b89c00aa661361b6a1f20849bc7c70aa294543
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -39751,6 +39821,7 @@ AdditionalInputA.14 = b4894bbb6435ffeb710bf5ae440bd744
- AdditionalInputB.14 = 689fb48c27983ededdd56d5a6b2c0345
- Output.14 = dfe8a9e17b938a1782fc3dba4f234dd9c9e36b67b28e1d901ca6b3628689aa4d2ae6b005ae3ce97e0d1e645da2710162294606ce51638b91e9c46d8f7f4f1a217e44c36b560f78b0541fececcf49b9b9
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -39816,6 +39887,7 @@ Nonce.14 = 3c9434b7d7e18472
- PersonalisationString.14 = 55bfc33da17f712877829b7f8a134e55
- Output.14 = 705950e4790ada95b99ace57e31115610ebc65d755fe587eae8fb1aeae463bea8b50a278f45e61d3433272ec31b0d48afcf219f5f4a0adb20537be9c7cb65911df28976aed4b4278cc524639a1ca5f40
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -39911,6 +39983,7 @@ AdditionalInputA.14 = 7ee4f3670c4671f128cbd743c408bdd1
- AdditionalInputB.14 = 38f8003e8fb8c119534a2c3400a87f8d
- Output.14 = fedbb1636b83c5cc5379c9aa4d1319df6d30770e469c2f7bd65b4b74d9bc880d520e11b2c3642a7c4cb6d6138d1d92f716317dd762c0a841e56e7e0226971a7f470e918d44b4f374f9e7e3b5209516d3
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -39961,6 +40034,7 @@ Entropy.14 = 5b6aaaf5c4e5acdacd2c0c14648eeb3f
- Nonce.14 = 353cc1174da7f766
- Output.14 = f7664dd99fb870dad1a45a4ddb870c9936fb42b3a063336e447f15703c5a95dd79eacd9f41cd0c1b4f2e1a45229aca140f463c1beab47aa0525e5bd6e1accf360bc8525430ba05fd14d1f008009fd586
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -40041,6 +40115,7 @@ AdditionalInputA.14 = 4eb5c1192fa86b355237b5a8bd43ebf9
- AdditionalInputB.14 = 7323d1a6f983b7d16df6b0aa9d14adb4
- Output.14 = cd41a0d7371b2eeb790fa8335660385c418ba84507ba94d1d1015b3353cdcad556993c19388461fd2cce38cc9fbc00e707b18dea9d712ac0616b443b23aee8131c295a1a741ffde36b2032bdb8ae2f6f
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -40106,6 +40181,7 @@ Nonce.14 = 9bee7502db25ae7f
- PersonalisationString.14 = d0e8fa47aed6b67ca4e8e521f733921c
- Output.14 = 3c649d295fd9b98082706f3f841f5275834143698c202da4c881c7d0a3c9995329a54d440fc4d21ab596e95e5b6651c6e7138b332c97ef771bc6e3b0b3fa09090ffb402ed1116d8395e5f1cfea3eae6b
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -40201,6 +40277,7 @@ AdditionalInputA.14 = d56ade0d74ea34577eb12a899d18d382
- AdditionalInputB.14 = ea83bdba8490ffd136def5f7d9240c59
- Output.14 = cd3d8174d8af97387ff02707d2757ce685ffb5d8dd91d95b8af4a3a757f9321b0e908096cd1321de0599640b7d81f43606b12e029ae158ed568ce1db429be75285c655e15f88da859f09b4cd843a0b61
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -40251,6 +40328,7 @@ Entropy.14 = 1c3fc8de26ddc78651c9c2e4ba874ee0
- Nonce.14 = ca6a2d3cc5495dd0
- Output.14 = d00ff8d3b8ca273cf7c3650e36c892018c0f765da45ab5b902c5accb30ffe01a99d3b86752195dc9aa1232fc852790ef51860fd114bdc78ae02acb5ab2021ec726829591d623b0b66329e641c1f915ce
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -40331,6 +40409,7 @@ AdditionalInputA.14 = b180d77e0ef217268d2d4dc9d4a9532f
- AdditionalInputB.14 = b192957f3e98f7595768d00834eee1d9
- Output.14 = 7d4791ccae7980ad19e5d8eb8932ea8ea1756710349ab8b771558cfe471a278dcc263b737486179a4ffad12d5311d23912c3a46f07152808d288be2dfd2b315fc4f6df6418029be52daed643dd3c6110
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -40396,6 +40475,7 @@ Nonce.14 = 84f7310a7ab653e6
- PersonalisationString.14 = 0fb2233c2cea27d17b6dd93bc4621285
- Output.14 = a2f373a523ac9f2524b059d0c23bcaa905e15948c7ebf71b6e82150aef562dae4003c1a8a3748cfd553d9a51a8f9450b9d569d96d897fed50eee23978e49b364c64db63fac9dc0fe9e8b58836aa04a74
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 0
-@@ -41667,6 +41747,7 @@ AdditionalInputA.14 = a58757b98280d90e84d6cf4e2fa89c01a9e6aad22d6cff0d
- AdditionalInputB.14 = a3f5de1ec6d0ccd39fa153899f0c1a414106a2aa182acf31
- Output.14 = b1797707f1217d81c8463b44957df350dd139073b056c50d1c912fa111f9cb488bfb7d2ec6faebd078171cd6b71171ae33698ff96c7225d7fd36ddcfeb2630464974d12b3e03877bc73ce1a2f89aea7ff7ddc8ac85708b35dd94d3972875e2d3e7237ec33871e99301202b52e2ff89db
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -41717,6 +41798,7 @@ Entropy.14 = 451ed024bc4b95f1025b14ec3616f5e42e80824541dc795a2f07500f92adc665
- Nonce.14 = 2f28e6ee8de5879db1eccd58c994e5f0
- Output.14 = 3fb637085ab75f4e95655faae95885166a5fbb423bb03dbf0543be063bcd48799c4f05d4e522634d9275fe02e1edd920e26d9accd43709cb0d8f6e50aa54a5f3bdd618be23cf73ef736ed0ef7524b0d14d5bef8c8aec1cf1ed3e1c38a808b35e61a44078127c7cb3a8fd7addfa50fcf3ff3bc6d6bc355d5436fe9b71eb44f7fd
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -41797,6 +41879,7 @@ AdditionalInputA.14 = 4f53db89b9ba7fc00767bc751fb8f3c103fe0f76acd6d5c7891ab15b2b
- AdditionalInputB.14 = 582c2a7d34679088cca6bd28723c99aac07db46c332dc0153d1673256903b446
- Output.14 = 6311f4c0c4cd1f86bd48349abb9eb930d4f63df5e5f7217d1d1b91a71d8a6938b0ad2b3e897bd7e3d8703db125fab30e03464fad41e5ddf5bf9aeeb5161b244468cfb26a9d956931a5412c97d64188b0da1bd907819c686f39af82e91cfeef0cbffb5d1e229e383bed26d06412988640706815a6e820796876f416653e464961
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -41862,6 +41945,7 @@ Nonce.14 = a59394e0af764e2f21cf751f623ffa6c
- PersonalisationString.14 = eb8164b3bf6c1750a8de8528af16cffdf400856d82260acd5958894a98afeed5
- Output.14 = fc5701b508f0264f4fdb88414768e1afb0a5b445400dcfdeddd0eba67b4fea8c056d79a69fd050759fb3d626b29adb8438326fd583f1ba0475ce7707bd294ab01743d077605866425b1cbd0f6c7bba972b30fbe9fce0a719b044fcc1394354895a9f8304a2b5101909808ddfdf66df6237142b6566588e4e1e8949b90c27fc1f
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -41957,6 +42041,7 @@ AdditionalInputA.14 = 288e948a551284eb3cb23e26299955c2fb8f063c132a92683c1615ecae
- AdditionalInputB.14 = d975b22f79e34acf5db25a2a167ef60a10682dd9964e15533d75f7fa9efc5dcb
- Output.14 = ee8d707eea9bc7080d58768c8c64a991606bb808600cafab834db8bc884f866941b4a7eb8d0334d876c0f1151bccc7ce8970593dad0c1809075ce6dbca54c4d4667227331eeac97f83ccb76901762f153c5e8562a8ccf12c8a1f2f480ec6f1975ac097a49770219107d4edea54fb5ee23a8403874929d073d7ef0526a647011a
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42007,6 +42092,7 @@ Entropy.14 = 17da1efd3e5250dfde3ef1683bd9cf4d4432a2f223399664f7645763bebd5ebd
- Nonce.14 = 0b160c67b97d5302972b5c517bed5a7c
- Output.14 = 859bab959dd16f2cddb05376b3d3e46cd13c191c18203bf3c0bbd5803cc559aacce48d88564166fd5f43c22d08cda1acd8004f36915739796a39ca96f8e7def14b58a8ee55ff72de7e2e2727389e027657447e32e47d4ea2f0fda48e86046d111cc334bebf4ee1019199c94fdb26169661cec0b0c47176cb5fb7aed8ad35afb1
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42087,6 +42173,7 @@ AdditionalInputA.14 = 50687524beffed38fe27963340483886645153311dbd4d10d86e7d6b26
- AdditionalInputB.14 = 1e3ebe4a54c3092d540ad2898ec3be1af84a1d515c013632402ffdeede7caa8b
- Output.14 = 007139a46072d9dbb6589b8ecf5f287d3aebb13b480ffcd6e95f0b2f916cd99e75f30a21971298257a80c17e9e41f8e0874dc9da8f6c18007a6e4cd5971df083ae62bb7b9f1bd4926f17e5574535f6009c0068b4ea3a50e2ba6c6aa6c7729fbe8ba58b4b795740ff6ae2f3d6fbe3e06828080cd1dcfb11771ec98ad9e0bac0b7
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42152,6 +42239,7 @@ Nonce.14 = 2b653a89e549e3b1ee7817f5864fa684
- PersonalisationString.14 = 814146b3b340e042557b0e8482fcc496a14c02d89195782679172e99654991ed
- Output.14 = 3ea100cf50c25d7b2ef286b5fa0720f344de2d568979e7349befa23589083e835205cdf6a4670722fff04260e54618c9c00af75cc26eee665b64e7e628ec4c56a8086dcd583681170f60d565bd97d0f416e4c231e281081b0fcd16c8db63ea9029abbfcb068bf57a36364aa9e27603f447adf337baa35f049a129abdc899f808
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42247,6 +42335,7 @@ AdditionalInputA.14 = 95f6df9905b652de6d08399f61956acf943fe412bc71de60d6b69881f8
- AdditionalInputB.14 = 87b818568ed80f7c2e8f5b5d7be403f8badf9fa0e716aaf1d6409957b242aa07
- Output.14 = 45b5182f313a26008bb4ab82f68a12e7c783c243ba1ac6d8bfaed44ddddb607f964ace9c3505d59ef5a3691143a4845491661a1dff8ac4de2e56b54e263ac3aef86966fd656b5a65d4f3b89731d50fa919663bd5691678ee5f8f499e84b1822bd0b91409b62cf98c176df7e812513f3252d25d15fe13ef9f253af477d16bcfcd
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42297,6 +42386,7 @@ Entropy.14 = 32695b2c55839eb3a048fabedcae1f23bf0c7206280ba4ba0d08b9bd9f119908
- Nonce.14 = 01f2a4cf8a9311abe5ecf58d6661dc5a
- Output.14 = 4a4f44f418d585e03f508f2ff05345abffeafd75f610a957be7f3ccaae31ba28e69bf8ae441a405fdbc0ee761e39c76b69062f5a3866fc296be1ad306e6584ab2d250d717605c70a17c46a298f714e4e820c85a1fb84f4d61b9857a40c2902193ad703c78635a2791abe6abca6124229ed75827135c27f1a04d244e1d73ff059
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42377,6 +42467,7 @@ AdditionalInputA.14 = 2e51dbbfda8c92f2c838bd85ca5dfd7f35504fae1ad438431b61c2f062
- AdditionalInputB.14 = 00f507a359585778988b6bb6b91f23d4ab29d2adbe632e4cd4646c8cd5f1b76a
- Output.14 = b7adbbf07414551464711ad9a718315b0587db2782d34179b70b4c0e323a91ad9de40933023e3a6be71cd50dc58953ad1bf66354bc45dcd9ea23682d487b43903a8f426182536e170af8b04460c586d8ca56e4c307ab7116d8130634dc9a58e1c3077bbddd6bd58c8a0fb9b18c4b839aacf5fcd711c611db120e6a605745e86a
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42442,6 +42533,7 @@ Nonce.14 = 3f9e88b93a6e69d070328c2c570c3be9
- PersonalisationString.14 = bbe702bbd2265e73aa073f47ce55fb65902abbe51635b414df688c60868546e1
- Output.14 = 0280555ba6b2379dce7cd56615d7d86feadb8ad995e2852a0607e663a34b1e0342c7bc649adcb204e271eeb87521591fad74b3bd841971cb100ae5f21599b732d8c5f9d578c1113da7034b580013720e62b1d013e28205d5024f8b1eb3219e6cf821792713354cf1349d32a64f32ecdbd7578c55e401fbea57f21ea3ebef0f9f
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42537,6 +42629,7 @@ AdditionalInputA.14 = 38684dfa6edbd61e464e49f7d01932802a5a5d824db6b1df6087e84a8e
- AdditionalInputB.14 = 4949b08a12656c497cc6760791982c0d4e674b0f8a14be730a91689ee77e981a
- Output.14 = fda39bf8dc1aa785422281dec946bad99d5ead17cac55d47bdb9bd0a80a72f3c611f92bcf29e3e45475426a7a9f139b755f332cf75035b047697f4131c9bbc9ee825ede9a743b14f02dea122194405864aa2b538ed5cdf40ecf81e02bed1556ce0e7974548f050b084b8f3626c0fb2c7272d42cdcb039af4c7d957e285b53b5b
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42587,6 +42680,7 @@ Entropy.14 = 1006646f977b83f4d90870f24b3b72d0b4947037f7671a64ce3b52829506a519
- Nonce.14 = 5698d50f59c42b26339d218fc985a41d
- Output.14 = 44ab1d22fd3a84f8847c33d0fb0aea66408d5181b8ea95416beddd9784d86d72d2851857b503253016036246cea11f2ad2bd18fe56508697a50b14e7c85bd9b002deadbce5ff9f72508b6ebce741dd7803a2d8633dbec235cccd37c089c9d747a52000ed4cc1dc8545ddb65e784a698bdc74a6ff4fd7b3dbed31a22f83b4fd8f
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42667,6 +42761,7 @@ AdditionalInputA.14 = 8d72118578abbd90ddbe6115ab10b499afa26c2360eaf6fa118ba590ac
- AdditionalInputB.14 = 6ca4d45fcbd0c7e964557b2bd7622a528b4722335b47383f7bca004b7cd5cf04
- Output.14 = 360d9ff3111c6b713fc641b571b582770991885f2fea806a485006a1b4f41ece4ce83dcabfd403edde77780c044c96e85ce5d1f1a368ad881a64be8c41e87f0a682ab67170ae05a24b08b4a9178d13ac9928ecb3b5e23e745d93aaa5f111c335c77cb9a5c3da8163cb428fef60da737b884105ae57616637b0e40bad9594bd51
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -42732,6 +42827,7 @@ Nonce.14 = 50f723edc4f658862758e149e7ae4f20
- PersonalisationString.14 = 39d43e627ab7c7a6d12fce4cd8c001678bfadd9d07d4086674e5d8bdef4ac62e
- Output.14 = 02e68bf3f78812aa270619b307dc0e57b05b8310084ecd1914a67d93b77127e0b3ec40e359adc451eac8788ac708fde70575fc1b9bbfd291bf5b8d7bda7bcc23a0271ba0bb0e6d617132399bd6cedf5a9a683ea98b3b0dd3bc6d811e4f66c9ec751012992cf54e3ce474e09b31ba9c01ea231d4fa8f09441e204c4d3285c78d0
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-256
- PredictionResistance = 0
-@@ -44003,6 +44099,7 @@ AdditionalInputA.14 = 73cd5580972f69bb4b0d0cd8915a5b594c3a9fa40b82d6b37446dff4c0
- AdditionalInputB.14 = 304c2001d8bfb9f1b23f3b336db9f5da17752cbaba782d8932d2641aab4c34b8
- Output.14 = 5771705c788e15fd5f656d4b5555d532ee4c48453be651a69c30fa706abe7719d9842028c667fab59aab97fe64a6140baa5d42dbfb7ecd58f2ce557a7b8b2c01669232e0b8bb0ddc6ef8dbe627ec5b370ec74553640982a14bd38ad9824b9651b717f8e90f539c42d04f7cff648c38b26abf38dd2a777348a4c2872f6551ef0f9e148bec810025779e7cbe1055cb0250a764fca5a1feba53bba64b7ea0c4dd3d56a7e6b4f8a157264e6666d356fe5a7a29fde7f4391662c4e69f471c21c6beeb
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44053,6 +44150,7 @@ Entropy.14 = 2c13e44674e89aa105fc11b05e8526769a53ab0b4688f3d0d9cf23af4c8469bb
- Nonce.14 = 700ac6a616c1d1bb7bd8ff7e96a4d250
- Output.14 = f778161306fc5f1d9e649b2a26983f31266a84bc79dd1b0016c8de53706f9812c4cebdbde78a3592bc7752303154acd7f4d27c2d5751fc7b1fee62677a71fc90e259dfb4b6a9c372515fac6efe01958d199888c360504ffa4c7cf4517918c430f5640fedc738e0cc1fcec33945a34a62ca61a71a9067298d34ac4a93751ddcd9a0f142748a1f0a81a948c6c6a16179e70b6f13633fd03b838da20f81450b4fdc1752e98e71296f1941ca58e71b73ea93e99a98f58d0892fa16de6a16c602036ac857dd75f9ac2c9185932103db5430e80cde9131e814a0bf3f3e7a2200a7152424472fd27f791a854f29aecc448f8d3fca3f93290266df3193d9e13e08907ab2
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44133,6 +44231,7 @@ AdditionalInputA.14 = 6cfccdd8253cc5b284701ef8d16f8888f79100373a7df50f43a122591b
- AdditionalInputB.14 = 5795ae5be47a7f793423820352505e3890bac3805c102020e48226deab70140a
- Output.14 = 4a398c114f2e0ac330893d103b585cadcf9cd3b2ac7e46cde15b2f32cc4b9a7c7172b1a73f86d6d12d02973e561fa7f615e30195f7715022df75157f41dc7f9a50029350e308e3345c9ab2029bdc0f1b72c195db098c26c1ab1864224504c72f48a64d722e41b00707c7f2f6cdfe8634d06abe838c85b419c02bf419b88cde35324b1bfdaddff8b7e95f6af0e55b5ff3f5475feb354f2a7a490597b36080322265b213541682572616f3d3276c713a978259d607c6d69eec26d524ba38163a329103e39e3b0a8ec989eca74f287d6d39c7ceda4df8558faeb9d25149963430f33b108dc136a4f9bfa416b3ceaa6632cd5505fe14fb0d78cf15f2acfa03b9c307
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44198,6 +44297,7 @@ Nonce.14 = fff1f2e2ac117af8b2cb023f0dd6c6ea
- PersonalisationString.14 = 0a4c2df69d6c69df0a9c58ab7c886ed9db294f5fe98eb066fde543b409ee91e0
- Output.14 = ae35e947a538e7da73f944b4dea689c064b144b753fe597369e58ec4868099c0f000995949e82dc3e5c00555a2cfe48c8a87e87ae5e7402e2b1679e413cc556f08796269ef3ea83d6a49116349a31710964fb2f936cccf249472eab3267cc1ca0073ff4d964eefc82dd1559c3737661f8b206757a64c756680fb7ab6be8cb433b93f21a04c1e99c777ac26c1f34918794085ee593ca27ae991c53d141e52f90e7872bbb036dce78e6a33e2d638360f9c15d5746d6ff13c1bcdff1cd01749fa51c3c72e68c0ce57423d4915abe84c15cfb3301d0c3b8ffc6a1962c1fd981790fa2a3da60d70e8e8557e4b2e7458ad85f5141ad46e1db751893e8327c8197571e8
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44293,6 +44393,7 @@ AdditionalInputA.14 = 2b2dbe3834d8be93f1396b19be83bd96823dd82740da71c5eeb7b21865
- AdditionalInputB.14 = 49c322fc1bec86d3e20628d9bdc1644e6f5e0237c7c694746bfee32a00145696
- Output.14 = 9110cec7d07e6e32724bf043e73021b3ca0e4516b619d036ac9a00914e12f01ece71989f55c1caccd542c60a9cccffb91e203fd39dca2d92c8eb03ee7ee88abf21dc6891de326c3190f25ee9ab44ca72d178db0f846969465b25a07dcc83777e6b63a7f9f1a8246dd31ce50cd9eb70e6e383c9ad4dae19f7cec8bfe079b36d309c28b10161c28b8d66c357c7ee01f07403a596366725fd5bd3a5de3cb40dcf60aac10635615b866ae633fbdb7ece41695d533757d9d16c6d44fd170fae77c15b7426ed6ec8c9d6e9245cd5e19e8dc3c8c7e671007ce8454413bd07407e8a2248bee95a7669db6ee47377b4490a6251abb60cd4e2e404ab88aa4948e71ecec50c
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44343,6 +44444,7 @@ Entropy.14 = 1436be35237c34bac5b5b36b24c998380883fb52621daa420112cb57bc84745c
- Nonce.14 = ed884f91a94c1b0a51f316df776283af
- Output.14 = c74ce568f0c465e79ef3700857cc8857b74ec8c075cada3f2698ff69569318b130b5b079ac5b69814d057097b0a107a546b011db601b2f7aa1708effd6479f383d7d484a5df76b63f1419eb360991475b2cd97590a1887487a76cd6fde7764cba5f101e4614c635ba7b1e18724a0a8fb39ca0948bffc441b6aa0216cf3c28ae6c06a24ad1bbe68970e06884d3b68325a3d7c1dce9a2fe87d565dccdcee7c62ed32b577763f510f0029a99530209628359bedf4bbfed1a13c222692d8cae60ca736df834a6e316db27642ed5839d2e11716a5c06e8d067e8548d7ac0687da801d292e2a6f414d7470d2e72261188347878d18e00fab3d4c15cb4c4a73cf963437
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44423,6 +44525,7 @@ AdditionalInputA.14 = 48e994654ab1d109511a3b34f5fa9f12b8da17da510d7a71e3839ba86b
- AdditionalInputB.14 = 949ee0617b277a3ddf4a51343104704775d91797be1826d78051496a87d9113d
- Output.14 = c4bce916b00a8583ebe1e85feaa1f076315ec9433e18afa1252061a62fc7558491678cb31048e4b4551b697e8dcb58dff951337f0fb7a41546d9a7838a1da149cb44558d324eab9e7ae147e8ead666e3d4eabc9978626efc8710ba8b5eb485d5693e5d6cac36ddd3a1a878ffbc77e9ec5d333cdae2b5803dcbba70d4e0dc60366dae5cf25990f3ae6147c99ec6c998397a1ac02b1b6ef6867aa897ca90b7fb938e3ddeef57e40897a644a4f08e37c995210e00f07145d5b3620ce673072525f9f74adf79ad703c4a09adc6eadcf77e76c6b032270d4c68f01672decf9aa0e941086188304fc33a28f53bf121df747b7dfdc00ddfe68f6d06ab7e82295f70652e
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44488,6 +44591,7 @@ Nonce.14 = 70916df78dd9ea799230435b3e48686b
- PersonalisationString.14 = bf755696adb9c92839798798f836b063cbbe987f0163ef3f4a97222c888f5da0
- Output.14 = 411cd8e76e711447e8a93ca95aa3aac5e51f559d65a8385a15e71877ac8472a347d9d453bd6761655711ce2133900d28e41cfd1292d28848646e5cbdcac1e60e49e62aab169b1735e701e38d65ccc073f277972ca85444dea86c19c0c08317dbbeca4fbd5d4295c9da71b89623d0028cebf1ab68fd0aef5b37e76e2e0b3e7f72eee04c01b6afb180b1fa0c370975526b788ec4db076a16a798671451af3e20d323684e232a25d78aaa8ee43f734f1555bf0a324053c7c895dc3e098621e189962a914f486cd7a5ff330f39316afb762b1a06cf8b593ca00d7edf739e2e6827a7af662f33bb09fad09d6bdb3a565f2bd32512c79927d390c79a1cc6db968b13a0
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44583,6 +44687,7 @@ AdditionalInputA.14 = 6f9f47857a60b6f3f9fe9a83ebcec5f16ca73e236d2af5b0daab45c0b9
- AdditionalInputB.14 = e6628fbe4a774bc5383218302b7c565da5a5bd9f19db6182b444af5ae5f62739
- Output.14 = d701c1824a82ff1803c4b59f490c3f37850ce85b5905059ac4484f5049f31772ab8401bc9b8fc1fd6ca06d01f01caecb3cbd914ea9574f497df0316a0d56e2830c8a908ba78d1dbe243d0fbc560c407052ec02e9c77f7b12264a46316a777955ae87a71f2da9cef2811f6328ccb288343abb65a36359c07122cb4e6639397829c48dbf8a821ddf00ddec2f294e48d05adfd0f7a706bfc337387bb7923641d08c288d23ed5a2a20f34684549f9f6b3d74ac0f04e10c7dec04aceac369f505d7ccacdf30ea0662cbab001740922e9ac32b6968e0c5a640345d1132e883e07fc82858980489893d0e38960883e989c41e72ee967c00b9a943f0666d1f5e93e848ef
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44633,6 +44738,7 @@ Entropy.14 = f5ee32b61bd57a4a4d51309e846f636560a8bb2a576c65d37a3f715ff1878014
- Nonce.14 = c638557dae4f9ab6e078c61d54d0f566
- Output.14 = e929e6c5c4a629c49fbb8623aea903ea129bb6484ed542cf940dd97bedc292e8bce924ef0cc57fa9b50b17b82618a840375874735560aea57e4e9701e4ecd0e812d1bf9fdecf67f431e4d7f6f455dfe4bd3b9a1553c574b0bfbc933a31580319c97682dd990c7081b711c2fa67a4eb54472be39f634c5dd901848c012c309c43f34d189a72c219acf8ca393d3f2cb292d62bb4d5e88f2b6e5e0422dafeac17415af623473f26ec24e65082123db9b9c00dbce3ca1942269fdf66f14add6c486a00527a39b050c2f3a6bc461e750f6e33236de198742284998bff98b7b3f6566e66679b3d8a1e63561fb5f8228867b8ff92230a9f2a6b9427821b6d55a359994d
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44713,6 +44819,7 @@ AdditionalInputA.14 = db7b290176b65f826aac2190a912672f8a9c97815706af33732f68b1f7
- AdditionalInputB.14 = 13425f17d8fbcca3b4d7793a53507a85813f6f50d3365d680c0620d5fe1bfc33
- Output.14 = 12d4cfe6574dddbf9de82b8a357bbd6e32a3addb7022c313ac401d0aecfbdfbc7229822f7db9012e8bb0e2907fd48d3eb435ef8368802e5eb948f1bd8d47569b694e23979652f6978b568d7e2288b596afbc67b6c1e0d662240356dc6257d9d273a9ca9f7dfc9bd4175a50ad5b328056c37046e734a76384d7418591a7604f332a457f2fbb277dce4fd2729fdd1319dc3a56b9901a50dc90feaf5969cd9e450bd8716e44253ca55c4e1dcf791658cc467cfba613c27a96f67bd68dd8ccf46bbca4294a0f548b919626d1712ed4290ec90c1098a082699450738d32a8c6516d83bd54a42413bc0ea0b37fe5d6b0663806df67f61d2c553aba3aed3f9aff111d2d
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44778,6 +44885,7 @@ Nonce.14 = c600da30d68cddd9b823433845111880
- PersonalisationString.14 = 8896ff67866ff1f59c8e5074d91e6b9112410c9b6a1eefbcf05a1b8c7123dc89
- Output.14 = ad8150de910a0bbdad0a674d032919ac3304d5977fc43ad5d5b1fa9be46f22e94f5c2747db228315b0d0505867fd97f9b1582f97b4693ed542c416df1847a85bcd4ad07d6348a4df78412e3df4e675def7f44b1895a8a2156c811040a46198a863c0107aebc3a426b4c2b9ac294b227d323879a70cdf7ceeee7f6f51f102c3ba4ae9a7343aff295b664c869f2c2d6e4396362fdae7d9b5eb0802f37ff7a3a7f1c944044b1bd9b21fbf23f191c6f538398164c2d1b67390e7b059b1c9f5bb031b89a23895ac65770182c8072fb0ad4a7be055d9a4653d08e6b22a61ebdfb66adec2629030f47aca70a06d68c9e1c041ceb2dc9bcd1ceaf61655ef7bbb1653f3d6
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44873,6 +44981,7 @@ AdditionalInputA.14 = 4adc98c66aa72da2c63172aba2a6c59fb20aa7b195a0b79edc709bfa99
- AdditionalInputB.14 = 83485ecbf938b8035d047956a3a1bea5adb66c4a7a24b21dfce4269681c31bae
- Output.14 = 6c69a58a3b27c73ac396840a93ff914219fa80241d39d65890ea612017d7b92b12062fbc0e3c39508c86023f7d70e9b156b4a766465c01c554acd6b5d78568d2087834b3b14f3fdc4d4b959e78ae2fa5298c87321b777afaea4a5c271a584a23a262f8b679cc8198ccd116c88dcf529a6677ebf5189d287f56eb445ad7313acce013b3fe49fb5212cdc3cf8c5ed15aa26b1135d7d9e0570719c4230c104a652fb36ffc57e219e735c03346d18eb57bcba813965bcb39b6a81da624838ba7b9a65d3b684a021f4071c66ce705974f2bd0ce1ad6727136d77529e3b400db0d14ffeabbac877cdf6a38ca66d83492a90482343a5a427ae8b8f77a2f724aa30c11b9
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -44923,6 +45032,7 @@ Entropy.14 = 60da58990a377a615436ef43b1199f88c7a4629653dde2350a4c5115c42e52f6
- Nonce.14 = 592033d0de138ae7082c03553e3bfdf9
- Output.14 = 7a770dbe8e1d3af1dae5b93acd9e6f1748a4a6a88229a875d23b37665e0cc96d888dfdc428a32cab378a9ebe22409709cd9d11f0c751c08d98eeac13b6f76f0f51ccea254cae23177c3aa207c59b5ce221b93442d037256d553275a6c4b5c83c1fe555a630e37d8277e02c050c19e145a71ec98b96ae3ae44c9ff87c4501c1ff7fd5231510ac9df623b3fb178e147f07d1fe02b48e877cba89a822c91b5af56b71d60116c49f80d87656144854909a7d718b5aa8f071f18357c2c9f9b6c0fac3195040f26b86aa936fd35ff37287aa140cd01ca6c5e577d815790d6fcb1a57569d23e801e2eb2b669ae7cf17d87f9ee66e0b515bcab09087e111da199b6a15b2
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -45003,6 +45113,7 @@ AdditionalInputA.14 = 967911f9412d40f2c62e43f48ff965bb1579a2ace388c781e125fe70f4
- AdditionalInputB.14 = 052c401de1053b8dea309196bb8e326d4b643371976d1ff6be0a6ea4ad27e5e9
- Output.14 = f7e8cdc3f8d2796414b9c83486d746cb8b1675b37d0d7546392c59622c693045dbcb10e9343524a6e7a9cc757717af22ddb8127bcdfb29cb8da409bd69d42aed9708cb2f904dff562a695be004ab25d31b8485bdd677c96d156ce8037726519d1949cc15e91acfd1c7c0bd58058b72c7d340b2f0bb12115ef44af6d20ce5f429d681b614e06bcddbf8ba00b40732b4dd425d1a87b663afce0e9a87b942a543b055f00b2428de12464a1309fccd0a15d512691e3858666ea4dc6084283deb075877c0162dbaf8318c9cda01ca611d72fac0b386a753ef35f438757cdf732a61a1f6123d1de3f61eb072d022f56c679a86f7a05bd6fa420ba39ed2973d4007b9cc
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -45068,6 +45179,7 @@ Nonce.14 = 0a6bef6b736129740978e31c3fa279e8
- PersonalisationString.14 = a5ca2491479bda16341b2c14339a5307fc2e2f5df4fa625e0ea351a95a14f588
- Output.14 = df587647f8d440a6c8034e757cd47f28d0e58f8aad9a047cdc8a70a8b1cd0d8185240d47bc5d2f4657205ed218ec38307e68efad94714630cd490b939719a4a07ab994793112c021969a8c69872903315c74b00b677648673e5883b5f46e075550092914cfeab05454226ee3d2154698f368bfda0b8b99eff5d111c1649a0f7e67ec0f637c6d3466994d655066a95732590e521ca055b048dbafd219be1a04fcd047c3722c4adf29ebd8486e7171359292e11ac6b740b4d51093383d64d2a45e51115c689ae29357366f2013eb9b420c6bd069d22c2110182e842eccadae81797a5f57d9ff47311f094ea0a25d7e329fcccb93c28b92ed85ccc2d690a84f2b2a
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 0
-@@ -68233,6 +68345,7 @@ Output.14 = 6af689cec62a633492f6e24b754d38dd6ab0b556e91802d72f14dc8c0e9ff50df728
-
- Title = HMAC DRBG Prediction Resistance Tests (from NIST test vectors)
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -68313,6 +68426,7 @@ EntropyPredictionResistanceA.14 = ae706e740dda50209b20acf90dfa8cec
- EntropyPredictionResistanceB.14 = b4d4b4bc7cba4daa285ff88ce9e8d451
- Output.14 = 74acba48f0216087f18042ff14101707c27d281e5ddbc19c722bec3f77bf17ca31239382f4fc1d4dd0f44c296bc2f10f74864951f7da19a23e3e598ac43fb8bbdd1fca8047b98689ef1c05bc81102bb5
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -68423,6 +68537,7 @@ AdditionalInputB.14 = ccdb3f7d7f6a4d169f5f2e24ec481fcb
- EntropyPredictionResistanceB.14 = be4a2c87c875be0e1be01aadf2efeef6
- Output.14 = bfcc8f2ece23d22545ec2176aabd083855923ca9a673b54b66a3e2562212aad3cc74c4c8976de259cc95a2f09a85b7acd1f18c343eff0368a80e73a547efdcd954816b38df1c19556d714897e317d69f
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -68518,6 +68633,7 @@ EntropyPredictionResistanceA.14 = f324c09f96434ceea7e756fc2f55a0b3
- EntropyPredictionResistanceB.14 = f043b6e11fc2f671ec00f4d478b791c6
- Output.14 = 40e87b822b1000441884a38b8776baa69fbea99962571e8a20d8af012d50c8c211860ad579869ec880320ea8057d5cb0de9496ec57d8b594ca8be5b94219eaa800af7205f8a83b66c87e0fee9aa9732f
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -68643,6 +68759,7 @@ AdditionalInputB.14 = 0d5a2183c9f9ca6941f6a617892f5e47
- EntropyPredictionResistanceB.14 = 998f9cde45b1dc22db6d2d7bfd4f3930
- Output.14 = 934fe82b0951b97dafc5ba16e87b0459691156b42ff2dbbbd8f6ed9b04be952af267c6a17fbfc86de91f9f07eed482a5362b176216a8963af485503ba93b2e82c03a3ee6225077d90cd961e24f6026f6
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -68723,6 +68840,7 @@ EntropyPredictionResistanceA.14 = 427b47ed008e489cfd06e1a6e0a9f07b
- EntropyPredictionResistanceB.14 = e5ee8df96c0e929446502a4bbd23ab22
- Output.14 = a544ea7c3362570f48a42635f4b79f615d11a5d8a480d85ac71e4be90074fbd5e2d368d00755e95a262d79ed262003d3e2a26f82c37d091ae763a01fba08c87b3ec0ce817bbab8d1905f91f021b7d7d0
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -68833,6 +68951,7 @@ AdditionalInputB.14 = 3e95f86a7168410eac0c84995c187fd9
- EntropyPredictionResistanceB.14 = fd15dfdd8cfeeb7ce0c76f759dfd47df
- Output.14 = 480d9cbbfa6c923866179318b293c52c9ad86c2ee27faa745873a77d0242afe669d1773fd9c17284097ee8e644aa054deefbb9c73732ba6b5004623df15edeb49ef2e1bc8dbe023f7104ea1395d9fd38
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -68928,6 +69047,7 @@ EntropyPredictionResistanceA.14 = 845decbe6e03e423b3660bfe7db383bf
- EntropyPredictionResistanceB.14 = f4ee7409c076201255bc78ec82ca5530
- Output.14 = ac57a08b77c528b834df2757069b6330f05a9196fbbb17300f9c31ef596f551ecc56fa3256c0ab1534df4955f2da1e8d98026b7c5e07290faa5131a95d0fa35a56b075752656ab61a74f889fbb735c58
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -69053,6 +69173,7 @@ AdditionalInputB.14 = 063e444dc2990f59e04839fd5e9eaeb6
- EntropyPredictionResistanceB.14 = e059229538a827fe9b7e5caa44fb1e3d
- Output.14 = 62efebd7730c6999fd052b98e2bf26eebc96b617a03fe2f1aa7ea3be1aea833f705a3ef3776adc7578f5bb6955a60853ef267fbc18aa3d57b8e0d9134c81e8ffadd0c66d385e5d535d74a615fa896757
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -69133,6 +69254,7 @@ EntropyPredictionResistanceA.14 = 74b72e7e1c5f16bf0389dafed9a86ae4
- EntropyPredictionResistanceB.14 = adef9418a342b4717e93df6450429a38
- Output.14 = eae51f34bfaa2970f41c3211ec228cfccc1d3c0fcc077d1d9ba159b3bac8685bc5783f61c67fdd4beca05dd4f14afcfc4d554ae75f73842637671102c3b81cabc9a0638cecad5a6615171be5265d5454
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -69243,6 +69365,7 @@ AdditionalInputB.14 = 696d9380b814b456ca59ed58ea765400
- EntropyPredictionResistanceB.14 = d57fb196a634da13ba8695098ed79f9c
- Output.14 = 069848aef419759b75896cd507a109f685228b5639470afeac0caa853f1c3dbe373f99db76bf06fe8bac356bedf6bf18787043970fb0a185c8a0a4d8482aa3059eeba0d244fc03c9b72857dc5188d44b
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -69338,6 +69461,7 @@ EntropyPredictionResistanceA.14 = 015ef1f359f60a391b3720d578731070
- EntropyPredictionResistanceB.14 = 963736987090fe71e69b4a2480d9b314
- Output.14 = c75a102bea830a8a58d9a9a43cb03b21aea75d8d2a08c37aaae9180a5e1c78e5700b20a5fe1c7ef0a7e3d2adcf539c4c1357946a328a057e719b97d802b586910f804c166d4884d8bbb3bbc03074c53a
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -69463,6 +69587,7 @@ AdditionalInputB.14 = e0b7ad60c542e6c2b324652fd2d7cdc6
- EntropyPredictionResistanceB.14 = dc7ea852c3e5467977c7946e77223567
- Output.14 = 0e2e5f47ca8ce1c7fdae1b49d6bc8594da1458eb8dfb35e0602d3812df7532cf6213eba8e75302444529565c40d23d0a336c4cadde37f0def2c3d412984360b65c668ef43263fada16b28860f6ee6ceb
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -69543,6 +69668,7 @@ EntropyPredictionResistanceA.14 = 4912a46c447c2de26dbbaec01817d2a6
- EntropyPredictionResistanceB.14 = c182dc35363cd7e04394c28030e6d6b9
- Output.14 = 976daafdf1dd5163e88a928d91933678cda9c8ef9a8251070ee8a6b42efda3c00a73303d0426da4a4af7c587174dce9936bfbb68a73979afee9f3a5b4fb4da2eb2b2f2f1c0948b63b45bf583412b2890
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -69653,6 +69779,7 @@ AdditionalInputB.14 = 8022a4985c745515682102a25b379301
- EntropyPredictionResistanceB.14 = 8cc2d8a789d343547ee48869f57ae225
- Output.14 = 5707c544445358767b1c4d6c319b6a8d9be38afbf945dd4e869e9136d63c9d74aa872139e8bdd374510ebcf8c36c39e45ff31596fa58721c2a089dea7b418b3f7a00d78c6ba531adbb59ae2ab44bb683
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -69748,6 +69875,7 @@ EntropyPredictionResistanceA.14 = 701b8e70583effd1c4e901c50966127e
- EntropyPredictionResistanceB.14 = 40e9ad701b63ee7bd6132d7f056a1f09
- Output.14 = a76b3e058ed1a8ca5860b15abe08a607894207d3d3be5bf6c3dc99c01523c85bf18927bc6d3f66cfef63a238aaef1ee87998100faabeef0d2518f3ccc0423d776a440ec9a87c5601fdf45c309c264dcd
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-1
- PredictionResistance = 1
-@@ -76340,6 +76468,7 @@ EntropyPredictionResistanceA.14 = a918ec35414b0bf1d9ba3b80ef838e75b9504fb6b77e40
- EntropyPredictionResistanceB.14 = c25de5d8b1f17acb7303c4a652ea1bcf284bfdc08a12c40ece16e3125fc8757e
- Output.14 = a3072880e72e76ec1e467d7c4f4ab8013eca926c96f075a0a25f5550931f4d6b3aff2057ae6fc1382d579e8963ee24459d76d7414d250aaf5b302a539775862e26596176de2891589defa7aa66f763126c7fb7ced0fa80f3f5e1f0d15295e6025fad617e554838876c8c8efb4bef1e1227a1c967afe99540c1992328a70798167eaea5a768f1f4395178dc914cde01b8e6b98266a66c5c079e19e5d3b6599c6dec24e8e155b310164299d1b4d31ab2e0c3b917b0cb627a4cc19c86061c74c849aab764feacd33de7472b7c4e1403cb38f8f1c3062e75966b2e2c0b2d7d966271f3d180440aa2ed2194bbf7d8b9415a5c5bb7f3df7cf2d02740cd4366ee3781a9
-
-+Availablein = default
- RAND = HMAC-DRBG
- Digest = SHA-512
- PredictionResistance = 1
---
-2.41.0
-
diff --git a/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch b/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
deleted file mode 100644
index 01fa935..0000000
--- a/0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
+++ /dev/null
@@ -1,273 +0,0 @@
-From 930e7acf7dd225102b6e88d23f5e2a3f4acea9fa Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 15:43:57 +0200
-Subject: [PATCH 37/48]
- 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
-
-Patch-name: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
-Patch-id: 81
----
- providers/implementations/signature/rsa_sig.c | 6 +
- test/acvp_test.inc | 214 ------------------
- 2 files changed, 6 insertions(+), 214 deletions(-)
-
-diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index 63ee11e566..cfaa4841cb 100644
---- a/providers/implementations/signature/rsa_sig.c
-+++ b/providers/implementations/signature/rsa_sig.c
-@@ -1279,7 +1279,13 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
- err_extra_text = "No padding not allowed with RSA-PSS";
- goto cont;
- case RSA_X931_PADDING:
-+#ifndef FIPS_MODULE
- err_extra_text = "X.931 padding not allowed with RSA-PSS";
-+#else /* !defined(FIPS_MODULE) */
-+ err_extra_text = "X.931 padding no longer allowed in FIPS mode,"
-+ " since it was removed from FIPS 186-5";
-+ goto bad_pad;
-+#endif /* !defined(FIPS_MODULE) */
- cont:
- if (RSA_test_flags(prsactx->rsa,
- RSA_FLAG_TYPE_MASK) == RSA_FLAG_TYPE_RSA)
-diff --git a/test/acvp_test.inc b/test/acvp_test.inc
-index 73b24bdb0c..96a72073f9 100644
---- a/test/acvp_test.inc
-+++ b/test/acvp_test.inc
-@@ -1204,13 +1204,6 @@ static const struct rsa_siggen_st rsa_siggen_data[] = {
- ITM(rsa_siggen0_msg),
- NO_PSS_SALT_LEN,
- },
-- {
-- "x931",
-- 2048,
-- "SHA384",
-- ITM(rsa_siggen0_msg),
-- NO_PSS_SALT_LEN,
-- },
- {
- "pss",
- 2048,
-@@ -1622,202 +1615,6 @@ static const unsigned char rsa_sigverpss_1_sig[] = {
- 0x5c, 0xea, 0x8a, 0x92, 0x31, 0xd2, 0x11, 0x4b,
- };
-
--static const unsigned char rsa_sigverx931_0_n[] = {
-- 0xa0, 0x16, 0x14, 0x80, 0x8b, 0x17, 0x2b, 0xad,
-- 0xd7, 0x07, 0x31, 0x6d, 0xfc, 0xba, 0x25, 0x83,
-- 0x09, 0xa0, 0xf7, 0x71, 0xc6, 0x06, 0x22, 0x87,
-- 0xd6, 0xbd, 0x13, 0xd9, 0xfe, 0x7c, 0xf7, 0xe6,
-- 0x48, 0xdb, 0x27, 0xd8, 0xa5, 0x49, 0x8e, 0x8c,
-- 0xea, 0xbe, 0xe0, 0x04, 0x6f, 0x3d, 0x3b, 0x73,
-- 0xdc, 0xc5, 0xd4, 0xdc, 0x85, 0xef, 0xea, 0x10,
-- 0x46, 0xf3, 0x88, 0xb9, 0x93, 0xbc, 0xa0, 0xb6,
-- 0x06, 0x02, 0x82, 0xb4, 0x2d, 0x54, 0xec, 0x79,
-- 0x50, 0x8a, 0xfc, 0xfa, 0x62, 0x45, 0xbb, 0xd7,
-- 0x26, 0xcd, 0x88, 0xfa, 0xe8, 0x0f, 0x26, 0x5b,
-- 0x1f, 0x21, 0x3f, 0x3b, 0x5d, 0x98, 0x3f, 0x02,
-- 0x8c, 0xa1, 0xbf, 0xc0, 0x70, 0x4d, 0xd1, 0x41,
-- 0xfd, 0xb9, 0x55, 0x12, 0x90, 0xc8, 0x6e, 0x0f,
-- 0x19, 0xa8, 0x5c, 0x31, 0xd6, 0x16, 0x0e, 0xdf,
-- 0x08, 0x84, 0xcd, 0x4b, 0xfd, 0x28, 0x8d, 0x7d,
-- 0x6e, 0xea, 0xc7, 0x95, 0x4a, 0xc3, 0x84, 0x54,
-- 0x7f, 0xb0, 0x20, 0x29, 0x96, 0x39, 0x4c, 0x3e,
-- 0x85, 0xec, 0x22, 0xdd, 0xb9, 0x14, 0xbb, 0x04,
-- 0x2f, 0x4c, 0x0c, 0xe3, 0xfa, 0xae, 0x47, 0x79,
-- 0x59, 0x8e, 0x4e, 0x7d, 0x4a, 0x17, 0xae, 0x16,
-- 0x38, 0x66, 0x4e, 0xff, 0x45, 0x7f, 0xac, 0x5e,
-- 0x75, 0x9f, 0x51, 0x18, 0xe6, 0xad, 0x6b, 0x8b,
-- 0x3d, 0x08, 0x4d, 0x9a, 0xd2, 0x11, 0xba, 0xa8,
-- 0xc3, 0xb5, 0x17, 0xb5, 0xdf, 0xe7, 0x39, 0x89,
-- 0x27, 0x7b, 0xeb, 0xf4, 0xe5, 0x7e, 0xa9, 0x7b,
-- 0x39, 0x40, 0x6f, 0xe4, 0x82, 0x14, 0x3d, 0x62,
-- 0xb6, 0xd4, 0x43, 0xd0, 0x0a, 0x2f, 0xc1, 0x73,
-- 0x3d, 0x99, 0x37, 0xbe, 0x62, 0x13, 0x6a, 0x8b,
-- 0xeb, 0xc5, 0x64, 0xd5, 0x2a, 0x8b, 0x4f, 0x7f,
-- 0x82, 0x48, 0x69, 0x3e, 0x08, 0x1b, 0xb5, 0x77,
-- 0xd3, 0xdc, 0x1b, 0x2c, 0xe5, 0x59, 0xf6, 0x33,
-- 0x47, 0xa0, 0x0f, 0xff, 0x8a, 0x6a, 0x1d, 0x66,
-- 0x24, 0x67, 0x36, 0x7d, 0x21, 0xda, 0xc1, 0xd4,
-- 0x11, 0x6c, 0xe8, 0x5f, 0xd7, 0x8a, 0x53, 0x5c,
-- 0xb2, 0xe2, 0xf9, 0x14, 0x29, 0x0f, 0xcf, 0x28,
-- 0x32, 0x4f, 0xc6, 0x17, 0xf6, 0xbc, 0x0e, 0xb8,
-- 0x99, 0x7c, 0x14, 0xa3, 0x40, 0x3f, 0xf3, 0xe4,
-- 0x31, 0xbe, 0x54, 0x64, 0x5a, 0xad, 0x1d, 0xb0,
-- 0x37, 0xcc, 0xd9, 0x0b, 0xa4, 0xbc, 0xe0, 0x07,
-- 0x37, 0xd1, 0xe1, 0x65, 0xc6, 0x53, 0xfe, 0x60,
-- 0x6a, 0x64, 0xa4, 0x01, 0x00, 0xf3, 0x5b, 0x9a,
-- 0x28, 0x61, 0xde, 0x7a, 0xd7, 0x0d, 0x56, 0x1e,
-- 0x4d, 0xa8, 0x6a, 0xb5, 0xf2, 0x86, 0x2a, 0x4e,
-- 0xaa, 0x37, 0x23, 0x5a, 0x3b, 0x69, 0x66, 0x81,
-- 0xc8, 0x8e, 0x1b, 0x31, 0x0f, 0x28, 0x31, 0x9a,
-- 0x2d, 0xe5, 0x79, 0xcc, 0xa4, 0xca, 0x60, 0x45,
-- 0xf7, 0x83, 0x73, 0x5a, 0x01, 0x29, 0xda, 0xf7,
--
--};
--static const unsigned char rsa_sigverx931_0_e[] = {
-- 0x01, 0x00, 0x01,
--};
--static const unsigned char rsa_sigverx931_0_msg[] = {
-- 0x82, 0x2e, 0x41, 0x70, 0x9d, 0x1f, 0xe9, 0x47,
-- 0xec, 0xf1, 0x79, 0xcc, 0x05, 0xef, 0xdb, 0xcd,
-- 0xca, 0x8b, 0x8e, 0x61, 0x45, 0xad, 0xa6, 0xd9,
-- 0xd7, 0x4b, 0x15, 0xf4, 0x92, 0x3a, 0x2a, 0x52,
-- 0xe3, 0x44, 0x57, 0x2b, 0x74, 0x7a, 0x37, 0x41,
-- 0x50, 0xcb, 0xcf, 0x13, 0x49, 0xd6, 0x15, 0x54,
-- 0x97, 0xfd, 0xae, 0x9b, 0xc1, 0xbb, 0xfc, 0x5c,
-- 0xc1, 0x37, 0x58, 0x17, 0x63, 0x19, 0x9c, 0xcf,
-- 0xee, 0x9c, 0xe5, 0xbe, 0x06, 0xe4, 0x97, 0x47,
-- 0xd1, 0x93, 0xa1, 0x2c, 0x59, 0x97, 0x02, 0x01,
-- 0x31, 0x45, 0x8c, 0xe1, 0x5c, 0xac, 0xe7, 0x5f,
-- 0x6a, 0x23, 0xda, 0xbf, 0xe4, 0x25, 0xc6, 0x67,
-- 0xea, 0x5f, 0x73, 0x90, 0x1b, 0x06, 0x0f, 0x41,
-- 0xb5, 0x6e, 0x74, 0x7e, 0xfd, 0xd9, 0xaa, 0xbd,
-- 0xe2, 0x8d, 0xad, 0x99, 0xdd, 0x29, 0x70, 0xca,
-- 0x1b, 0x38, 0x21, 0x55, 0xde, 0x07, 0xaf, 0x00,
--
--};
--static const unsigned char rsa_sigverx931_0_sig[] = {
-- 0x29, 0xa9, 0x3a, 0x8e, 0x9e, 0x90, 0x1b, 0xdb,
-- 0xaf, 0x0b, 0x47, 0x5b, 0xb5, 0xc3, 0x8c, 0xc3,
-- 0x70, 0xbe, 0x73, 0xf9, 0x65, 0x8e, 0xc6, 0x1e,
-- 0x95, 0x0b, 0xdb, 0x24, 0x76, 0x79, 0xf1, 0x00,
-- 0x71, 0xcd, 0xc5, 0x6a, 0x7b, 0xd2, 0x8b, 0x18,
-- 0xc4, 0xdd, 0xf1, 0x2a, 0x31, 0x04, 0x3f, 0xfc,
-- 0x36, 0x06, 0x20, 0x71, 0x3d, 0x62, 0xf2, 0xb5,
-- 0x79, 0x0a, 0xd5, 0xd2, 0x81, 0xf1, 0xb1, 0x4f,
-- 0x9a, 0x17, 0xe8, 0x67, 0x64, 0x48, 0x09, 0x75,
-- 0xff, 0x2d, 0xee, 0x36, 0xca, 0xca, 0x1d, 0x74,
-- 0x99, 0xbe, 0x5c, 0x94, 0x31, 0xcc, 0x12, 0xf4,
-- 0x59, 0x7e, 0x17, 0x00, 0x4f, 0x7b, 0xa4, 0xb1,
-- 0xda, 0xdb, 0x3e, 0xa4, 0x34, 0x10, 0x4a, 0x19,
-- 0x0a, 0xd2, 0xa7, 0xa0, 0xc5, 0xe6, 0xef, 0x82,
-- 0xd4, 0x2e, 0x21, 0xbe, 0x15, 0x73, 0xac, 0xef,
-- 0x05, 0xdb, 0x6a, 0x8a, 0x1a, 0xcb, 0x8e, 0xa5,
-- 0xee, 0xfb, 0x28, 0xbf, 0x96, 0xa4, 0x2b, 0xd2,
-- 0x85, 0x2b, 0x20, 0xc3, 0xaf, 0x9a, 0x32, 0x04,
-- 0xa0, 0x49, 0x24, 0x47, 0xd0, 0x09, 0xf7, 0xcf,
-- 0x73, 0xb6, 0xf6, 0x70, 0xda, 0x3b, 0xf8, 0x5a,
-- 0x28, 0x2e, 0x14, 0x6c, 0x52, 0xbd, 0x2a, 0x7c,
-- 0x8e, 0xc1, 0xa8, 0x0e, 0xb1, 0x1e, 0x6b, 0x8d,
-- 0x76, 0xea, 0x70, 0x81, 0xa0, 0x02, 0x63, 0x74,
-- 0xbc, 0x7e, 0xb9, 0xac, 0x0e, 0x7b, 0x1b, 0x75,
-- 0x82, 0xe2, 0x98, 0x4e, 0x24, 0x55, 0xd4, 0xbd,
-- 0x14, 0xde, 0x58, 0x56, 0x3a, 0x5d, 0x4e, 0x57,
-- 0x0d, 0x54, 0x74, 0xe8, 0x86, 0x8c, 0xcb, 0x07,
-- 0x9f, 0x0b, 0xfb, 0xc2, 0x08, 0x5c, 0xd7, 0x05,
-- 0x3b, 0xc8, 0xd2, 0x15, 0x68, 0x8f, 0x3d, 0x3c,
-- 0x4e, 0x85, 0xa9, 0x25, 0x6f, 0xf5, 0x2e, 0xca,
-- 0xca, 0xa8, 0x27, 0x89, 0x61, 0x4e, 0x1f, 0x57,
-- 0x2d, 0x99, 0x10, 0x3f, 0xbc, 0x9e, 0x96, 0x5e,
-- 0x2f, 0x0a, 0x25, 0xa7, 0x5c, 0xea, 0x65, 0x2a,
-- 0x22, 0x35, 0xa3, 0xf9, 0x13, 0x89, 0x05, 0x2e,
-- 0x19, 0x73, 0x1d, 0x70, 0x74, 0x98, 0x15, 0x4b,
-- 0xab, 0x56, 0x52, 0xe0, 0x01, 0x42, 0x95, 0x6a,
-- 0x46, 0x2c, 0x78, 0xff, 0x26, 0xbc, 0x48, 0x10,
-- 0x38, 0x25, 0xab, 0x32, 0x7c, 0x79, 0x7c, 0x5d,
-- 0x6f, 0x45, 0x54, 0x74, 0x2d, 0x93, 0x56, 0x52,
-- 0x11, 0x34, 0x1e, 0xe3, 0x4b, 0x6a, 0x17, 0x4f,
-- 0x37, 0x14, 0x75, 0xac, 0xa3, 0xa1, 0xca, 0xda,
-- 0x38, 0x06, 0xa9, 0x78, 0xb9, 0x5d, 0xd0, 0x59,
-- 0x1b, 0x5d, 0x1e, 0xc2, 0x0b, 0xfb, 0x39, 0x37,
-- 0x44, 0x85, 0xb6, 0x36, 0x06, 0x95, 0xbc, 0x15,
-- 0x35, 0xb9, 0xe6, 0x27, 0x42, 0xe3, 0xc8, 0xec,
-- 0x30, 0x37, 0x20, 0x26, 0x9a, 0x11, 0x61, 0xc0,
-- 0xdb, 0xb2, 0x5a, 0x26, 0x78, 0x27, 0xb9, 0x13,
-- 0xc9, 0x1a, 0xa7, 0x67, 0x93, 0xe8, 0xbe, 0xcb,
--};
--
--#define rsa_sigverx931_1_n rsa_sigverx931_0_n
--#define rsa_sigverx931_1_e rsa_sigverx931_0_e
--static const unsigned char rsa_sigverx931_1_msg[] = {
-- 0x79, 0x02, 0xb9, 0xd2, 0x3e, 0x84, 0x02, 0xc8,
-- 0x2a, 0x94, 0x92, 0x14, 0x8d, 0xd5, 0xd3, 0x8d,
-- 0xb2, 0xf6, 0x00, 0x8b, 0x61, 0x2c, 0xd2, 0xf9,
-- 0xa8, 0xe0, 0x5d, 0xac, 0xdc, 0xa5, 0x34, 0xf3,
-- 0xda, 0x6c, 0xd4, 0x70, 0x92, 0xfb, 0x40, 0x26,
-- 0xc7, 0x9b, 0xe8, 0xd2, 0x10, 0x11, 0xcf, 0x7f,
-- 0x23, 0xd0, 0xed, 0x55, 0x52, 0x6d, 0xd3, 0xb2,
-- 0x56, 0x53, 0x8d, 0x7c, 0x4c, 0xb8, 0xcc, 0xb5,
-- 0xfd, 0xd0, 0x45, 0x4f, 0x62, 0x40, 0x54, 0x42,
-- 0x68, 0xd5, 0xe5, 0xdd, 0xf0, 0x76, 0x94, 0x59,
-- 0x1a, 0x57, 0x13, 0xb4, 0xc3, 0x70, 0xcc, 0xbd,
-- 0x4c, 0x2e, 0xc8, 0x6b, 0x9d, 0x68, 0xd0, 0x72,
-- 0x6a, 0x94, 0xd2, 0x18, 0xb5, 0x3b, 0x86, 0x45,
-- 0x95, 0xaa, 0x50, 0xda, 0x35, 0xeb, 0x69, 0x44,
-- 0x1f, 0xf3, 0x3a, 0x51, 0xbb, 0x1d, 0x08, 0x42,
-- 0x12, 0xd7, 0xd6, 0x21, 0xd8, 0x9b, 0x87, 0x55,
--};
--
--static const unsigned char rsa_sigverx931_1_sig[] = {
-- 0x3b, 0xba, 0xb3, 0xb1, 0xb2, 0x6a, 0x29, 0xb5,
-- 0xf9, 0x94, 0xf1, 0x00, 0x5c, 0x16, 0x67, 0x67,
-- 0x73, 0xd3, 0xde, 0x7e, 0x07, 0xfa, 0xaa, 0x95,
-- 0xeb, 0x5a, 0x55, 0xdc, 0xb2, 0xa9, 0x70, 0x5a,
-- 0xee, 0x8f, 0x8d, 0x69, 0x85, 0x2b, 0x00, 0xe3,
-- 0xdc, 0xe2, 0x73, 0x9b, 0x68, 0xeb, 0x93, 0x69,
-- 0x08, 0x03, 0x17, 0xd6, 0x50, 0x21, 0x14, 0x23,
-- 0x8c, 0xe6, 0x54, 0x3a, 0xd9, 0xfc, 0x8b, 0x14,
-- 0x81, 0xb1, 0x8b, 0x9d, 0xd2, 0xbe, 0x58, 0x75,
-- 0x94, 0x74, 0x93, 0xc9, 0xbb, 0x4e, 0xf6, 0x1f,
-- 0x73, 0x7d, 0x1a, 0x5f, 0xbd, 0xbf, 0x59, 0x37,
-- 0x5b, 0x98, 0x54, 0xad, 0x3a, 0xef, 0xa0, 0xef,
-- 0xcb, 0xc3, 0xe8, 0x84, 0xd8, 0x3d, 0xf5, 0x60,
-- 0xb8, 0xc3, 0x8d, 0x1e, 0x78, 0xa0, 0x91, 0x94,
-- 0xb7, 0xd7, 0xb1, 0xd4, 0xe2, 0xee, 0x81, 0x93,
-- 0xfc, 0x41, 0xf0, 0x31, 0xbb, 0x03, 0x52, 0xde,
-- 0x80, 0x20, 0x3a, 0x68, 0xe6, 0xc5, 0x50, 0x1b,
-- 0x08, 0x3f, 0x40, 0xde, 0xb3, 0xe5, 0x81, 0x99,
-- 0x7f, 0xdb, 0xb6, 0x5d, 0x61, 0x27, 0xd4, 0xfb,
-- 0xcd, 0xc5, 0x7a, 0xea, 0xde, 0x7a, 0x66, 0xef,
-- 0x55, 0x3f, 0x85, 0xea, 0x84, 0xc5, 0x0a, 0xf6,
-- 0x3c, 0x40, 0x38, 0xf7, 0x6c, 0x66, 0xe5, 0xbe,
-- 0x61, 0x41, 0xd3, 0xb1, 0x08, 0xe1, 0xb4, 0xf9,
-- 0x6e, 0xf6, 0x0e, 0x4a, 0x72, 0x6c, 0x61, 0x63,
-- 0x3e, 0x41, 0x33, 0x94, 0xd6, 0x27, 0xa4, 0xd9,
-- 0x3a, 0x20, 0x2b, 0x39, 0xea, 0xe5, 0x82, 0x48,
-- 0xd6, 0x5b, 0x58, 0x85, 0x44, 0xb0, 0xd2, 0xfd,
-- 0xfb, 0x3e, 0xeb, 0x78, 0xac, 0xbc, 0xba, 0x16,
-- 0x92, 0x0e, 0x20, 0xc1, 0xb2, 0xd1, 0x92, 0xa8,
-- 0x00, 0x88, 0xc0, 0x41, 0x46, 0x38, 0xb6, 0x54,
-- 0x70, 0x0c, 0x00, 0x62, 0x97, 0x6a, 0x8e, 0x66,
-- 0x5a, 0xa1, 0x6c, 0xf7, 0x6d, 0xc2, 0x27, 0x56,
-- 0x60, 0x5b, 0x0c, 0x52, 0xac, 0x5c, 0xae, 0x99,
-- 0x55, 0x11, 0x62, 0x52, 0x09, 0x48, 0x53, 0x90,
-- 0x3c, 0x0b, 0xd4, 0xdc, 0x7b, 0xe3, 0x4c, 0xe3,
-- 0xa8, 0x6d, 0xc5, 0xdf, 0xc1, 0x5c, 0x59, 0x25,
-- 0x99, 0x30, 0xde, 0x57, 0x6a, 0x84, 0x25, 0x34,
-- 0x3e, 0x64, 0x11, 0xdb, 0x7a, 0x82, 0x8e, 0x70,
-- 0xd2, 0x5c, 0x0e, 0x81, 0xa0, 0x24, 0x53, 0x75,
-- 0x98, 0xd6, 0x10, 0x01, 0x6a, 0x14, 0xed, 0xc3,
-- 0x6f, 0xc4, 0x18, 0xb8, 0xd2, 0x9f, 0x59, 0x53,
-- 0x81, 0x3a, 0x86, 0x31, 0xfc, 0x9e, 0xbf, 0x6c,
-- 0x52, 0x93, 0x86, 0x9c, 0xaa, 0x6c, 0x6f, 0x07,
-- 0x8a, 0x40, 0x33, 0x64, 0xb2, 0x70, 0x48, 0x85,
-- 0x05, 0x59, 0x65, 0x2d, 0x6b, 0x9a, 0xad, 0xab,
-- 0x20, 0x7e, 0x02, 0x6d, 0xde, 0xcf, 0x22, 0x0b,
-- 0xea, 0x6e, 0xbd, 0x1c, 0x39, 0x3a, 0xfd, 0xa4,
-- 0xde, 0x54, 0xae, 0xde, 0x5e, 0xf7, 0xb0, 0x6d,
--};
--
- static const struct rsa_sigver_st rsa_sigver_data[] = {
- {
- "pkcs1", /* pkcs1v1.5 */
-@@ -1841,17 +1638,6 @@ static const struct rsa_sigver_st rsa_sigver_data[] = {
- NO_PSS_SALT_LEN,
- FAIL
- },
-- {
-- "x931",
-- 3072,
-- "SHA256",
-- ITM(rsa_sigverx931_1_msg),
-- ITM(rsa_sigverx931_1_n),
-- ITM(rsa_sigverx931_1_e),
-- ITM(rsa_sigverx931_1_sig),
-- NO_PSS_SALT_LEN,
-- FAIL
-- },
- {
- "pss",
- 4096,
---
-2.41.0
-
diff --git a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch b/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
deleted file mode 100644
index 1a5ddb7..0000000
--- a/0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From a061dba4f6bb52b647aa8f411d32f0c8898a9cb2 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 35/49]
- 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
-
-Patch-name: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
-Patch-id: 83
-Patch-status: |
- # [PATCH 37/46]
- # 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- include/crypto/evp.h | 7 +++++++
- include/openssl/evp.h | 3 +++
- providers/implementations/macs/hmac_prov.c | 17 +++++++++++++++++
- util/perl/OpenSSL/paramnames.pm | 13 +++++++------
- 4 files changed, 34 insertions(+), 6 deletions(-)
-
-diff --git a/include/crypto/evp.h b/include/crypto/evp.h
-index 1e4895959b..5a2b324762 100644
---- a/include/crypto/evp.h
-+++ b/include/crypto/evp.h
-@@ -206,6 +206,13 @@ const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
- const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
- const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
-
-+#ifdef FIPS_MODULE
-+/* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms specifies key
-+ * lengths < 112 bytes are disallowed for HMAC generation and legacy use for
-+ * HMAC verification. */
-+# define EVP_HMAC_GEN_FIPS_MIN_KEY_LEN (112 / 8)
-+#endif
-+
- struct evp_mac_st {
- OSSL_PROVIDER *prov;
- int name_id;
-diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index ea7620d631..48d5886d1e 100644
---- a/include/openssl/evp.h
-+++ b/include/openssl/evp.h
-@@ -1199,6 +1199,9 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
- void *arg);
-
- /* MAC stuff */
-+# define EVP_MAC_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
-+# define EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED 1
-+# define EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
-
- EVP_MAC *EVP_MAC_fetch(OSSL_LIB_CTX *libctx, const char *algorithm,
- const char *properties);
-diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
-index a1f3c2db84..f65215f532 100644
---- a/providers/implementations/macs/hmac_prov.c
-+++ b/providers/implementations/macs/hmac_prov.c
-@@ -21,6 +21,8 @@
- #include <openssl/evp.h>
- #include <openssl/hmac.h>
-
-+#include "crypto/evp.h"
-+
- #include "internal/ssl3_cbc.h"
-
- #include "prov/implementations.h"
-@@ -235,6 +237,9 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
- static const OSSL_PARAM known_gettable_ctx_params[] = {
- OSSL_PARAM_size_t(OSSL_MAC_PARAM_SIZE, NULL),
- OSSL_PARAM_size_t(OSSL_MAC_PARAM_BLOCK_SIZE, NULL),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR, NULL),
-+#endif /* defined(FIPS_MODULE) */
- OSSL_PARAM_END
- };
- static const OSSL_PARAM *hmac_gettable_ctx_params(ossl_unused void *ctx,
-@@ -256,6 +261,18 @@ static int hmac_get_ctx_params(void *vmacctx, OSSL_PARAM params[])
- && !OSSL_PARAM_set_int(p, hmac_block_size(macctx)))
- return 0;
-
-+#ifdef FIPS_MODULE
-+ if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_REDHAT_FIPS_INDICATOR)) != NULL) {
-+ int fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_APPROVED;
-+ /* NIST SP 800-131Ar2, Table 9: Approval Status of MAC Algorithms
-+ * specifies key lengths < 112 bytes are disallowed for HMAC generation
-+ * and legacy use for HMAC verification. */
-+ if (macctx->keylen < EVP_HMAC_GEN_FIPS_MIN_KEY_LEN)
-+ fips_indicator = EVP_MAC_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ return OSSL_PARAM_set_int(p, fips_indicator);
-+ }
-+#endif /* defined(FIPS_MODULE) */
-+
- return 1;
- }
-
-diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
-index 6618122417..8b2d430f17 100644
---- a/util/perl/OpenSSL/paramnames.pm
-+++ b/util/perl/OpenSSL/paramnames.pm
-@@ -137,12 +137,13 @@ my %params = (
- # If "engine",or "properties",are specified, they should always be paired
- # with "cipher",or "digest".
-
-- 'MAC_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string
-- 'MAC_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', # utf8 string
-- 'MAC_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', # utf8 string
-- 'MAC_PARAM_SIZE' => "size", # size_t
-- 'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t
-- 'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t
-+ 'MAC_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string
-+ 'MAC_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', # utf8 string
-+ 'MAC_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', # utf8 string
-+ 'MAC_PARAM_SIZE' => "size", # size_t
-+ 'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t
-+ 'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t
-+ 'MAC_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator", # size_t
-
- # KDF / PRF parameters
- 'KDF_PARAM_SECRET' => "secret", # octet string
---
-2.44.0
-
diff --git a/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch b/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
deleted file mode 100644
index bf94740..0000000
--- a/0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 915990e450e769e370fcacbfd8ed58ab6afaf2bf Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 15:47:55 +0200
-Subject: [PATCH 39/48]
- 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
-
-Patch-name: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
-Patch-id: 84
----
- providers/implementations/kdfs/pbkdf2.c | 27 ++++++++++++++++++++++++-
- 1 file changed, 26 insertions(+), 1 deletion(-)
-
-diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
-index 349c3dd657..11820d1e69 100644
---- a/providers/implementations/kdfs/pbkdf2.c
-+++ b/providers/implementations/kdfs/pbkdf2.c
-@@ -35,6 +35,21 @@
- #define KDF_PBKDF2_MAX_KEY_LEN_DIGEST_RATIO 0xFFFFFFFF
- #define KDF_PBKDF2_MIN_ITERATIONS 1000
- #define KDF_PBKDF2_MIN_SALT_LEN (128 / 8)
-+/* The Implementation Guidance for FIPS 140-3 says in section D.N
-+ * "Password-Based Key Derivation for Storage Applications" that "the vendor
-+ * shall document in the module’s Security Policy the length of
-+ * a password/passphrase used in key derivation and establish an upper bound
-+ * for the probability of having this parameter guessed at random. This
-+ * probability shall take into account not only the length of the
-+ * password/passphrase, but also the difficulty of guessing it. The decision on
-+ * the minimum length of a password used for key derivation is the vendor’s,
-+ * but the vendor shall at a minimum informally justify the decision."
-+ *
-+ * We are choosing a minimum password length of 8 bytes, because NIST's ACVP
-+ * testing uses passwords as short as 8 bytes, and requiring longer passwords
-+ * combined with an implicit indicator (i.e., returning an error) would cause
-+ * the module to fail ACVP testing. */
-+#define KDF_PBKDF2_MIN_PASSWORD_LEN (8)
-
- static OSSL_FUNC_kdf_newctx_fn kdf_pbkdf2_new;
- static OSSL_FUNC_kdf_dupctx_fn kdf_pbkdf2_dup;
-@@ -219,9 +234,15 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
- ctx->lower_bound_checks = pkcs5 == 0;
- }
-
-- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL)
-+ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PASSWORD)) != NULL) {
-+ if (ctx->lower_bound_checks != 0
-+ && p->data_size < KDF_PBKDF2_MIN_PASSWORD_LEN) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
- if (!pbkdf2_set_membuf(&ctx->pass, &ctx->pass_len, p))
- return 0;
-+ }
-
- if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
- if (ctx->lower_bound_checks != 0
-@@ -331,6 +352,10 @@ static int pbkdf2_derive(const char *pass, size_t passlen,
- }
-
- if (lower_bound_checks) {
-+ if (passlen < KDF_PBKDF2_MIN_PASSWORD_LEN) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
-+ return 0;
-+ }
- if ((keylen * 8) < KDF_PBKDF2_MIN_KEY_LEN_BITS) {
- ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
- return 0;
---
-2.41.0
-
diff --git a/0085-FIPS-RSA-disable-shake.patch b/0085-FIPS-RSA-disable-shake.patch
deleted file mode 100644
index 0c1815b..0000000
--- a/0085-FIPS-RSA-disable-shake.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 2306fde5556cbcb875d095c09fed01a0f16fe7ec Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 15:51:55 +0200
-Subject: [PATCH 40/48] 0085-FIPS-RSA-disable-shake.patch
-
-Patch-name: 0085-FIPS-RSA-disable-shake.patch
-Patch-id: 85
----
- crypto/rsa/rsa_oaep.c | 28 ++++++++++++++++++++++++++++
- crypto/rsa/rsa_pss.c | 16 ++++++++++++++++
- 2 files changed, 44 insertions(+)
-
-diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
-index b2f7f7dc4b..af2b0b026c 100644
---- a/crypto/rsa/rsa_oaep.c
-+++ b/crypto/rsa/rsa_oaep.c
-@@ -78,9 +78,23 @@ int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex2(OSSL_LIB_CTX *libctx,
- return 0;
- #endif
- }
-+
-+#ifdef FIPS_MODULE
-+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
-+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
-+ return 0;
-+ }
-+#endif
- if (mgf1md == NULL)
- mgf1md = md;
-
-+#ifdef FIPS_MODULE
-+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
-+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
-+ return 0;
-+ }
-+#endif
-+
- mdlen = EVP_MD_get_size(md);
- if (mdlen <= 0) {
- ERR_raise(ERR_LIB_RSA, RSA_R_INVALID_LENGTH);
-@@ -203,9 +217,23 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
- #endif
- }
-
-+#ifdef FIPS_MODULE
-+ if (EVP_MD_is_a(md, "SHAKE-128") || EVP_MD_is_a(md, "SHAKE-256")) {
-+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
-+ return -1;
-+ }
-+#endif
-+
- if (mgf1md == NULL)
- mgf1md = md;
-
-+#ifdef FIPS_MODULE
-+ if (EVP_MD_is_a(mgf1md, "SHAKE-128") || EVP_MD_is_a(mgf1md, "SHAKE-256")) {
-+ ERR_raise(ERR_LIB_RSA, RSA_R_DIGEST_NOT_ALLOWED);
-+ return -1;
-+ }
-+#endif
-+
- mdlen = EVP_MD_get_size(md);
-
- if (tlen <= 0 || flen <= 0 || mdlen <= 0)
-diff --git a/crypto/rsa/rsa_pss.c b/crypto/rsa/rsa_pss.c
-index bb46ec64c7..c0fdf232da 100644
---- a/crypto/rsa/rsa_pss.c
-+++ b/crypto/rsa/rsa_pss.c
-@@ -53,6 +53,14 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
- if (mgf1Hash == NULL)
- mgf1Hash = Hash;
-
-+#ifdef FIPS_MODULE
-+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
-+ goto err;
-+
-+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
-+ goto err;
-+#endif
-+
- hLen = EVP_MD_get_size(Hash);
- if (hLen < 0)
- goto err;
-@@ -168,6 +176,14 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
- if (mgf1Hash == NULL)
- mgf1Hash = Hash;
-
-+#ifdef FIPS_MODULE
-+ if (EVP_MD_is_a(Hash, "SHAKE-128") || EVP_MD_is_a(Hash, "SHAKE-256"))
-+ goto err;
-+
-+ if (EVP_MD_is_a(mgf1Hash, "SHAKE-128") || EVP_MD_is_a(mgf1Hash, "SHAKE-256"))
-+ goto err;
-+#endif
-+
- hLen = EVP_MD_get_size(Hash);
- if (hLen < 0)
- goto err;
---
-2.41.0
-
diff --git a/0088-signature-Add-indicator-for-PSS-salt-length.patch b/0088-signature-Add-indicator-for-PSS-salt-length.patch
deleted file mode 100644
index 63dc019..0000000
--- a/0088-signature-Add-indicator-for-PSS-salt-length.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From 9134fadd6544be82f96e3d5ce9c1f489de6a1745 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 38/49] 0088-signature-Add-indicator-for-PSS-salt-length.patch
-
-Patch-name: 0088-signature-Add-indicator-for-PSS-salt-length.patch
-Patch-id: 88
-Patch-status: |
- # 0088-signature-Add-indicator-for-PSS-salt-length.patch
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- include/openssl/evp.h | 4 ++++
- providers/implementations/signature/rsa_sig.c | 21 +++++++++++++++++
- util/perl/OpenSSL/paramnames.pm | 23 ++++++++++---------
- 3 files changed, 37 insertions(+), 11 deletions(-)
-
-diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index 48d5886d1e..e3fa4a8043 100644
---- a/include/openssl/evp.h
-+++ b/include/openssl/evp.h
-@@ -804,6 +804,10 @@ __owur int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- __owur int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm,
- int *outl);
-
-+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
-+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED 1
-+# define EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
-+
- __owur int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
- EVP_PKEY *pkey);
- __owur int EVP_SignFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s,
-diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
-index b0f32f0b57..1e56d673ee 100644
---- a/providers/implementations/signature/rsa_sig.c
-+++ b/providers/implementations/signature/rsa_sig.c
-@@ -1169,6 +1169,24 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
- }
- }
-
-+#ifdef FIPS_MODULE
-+ p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR);
-+ if (p != NULL) {
-+ int fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_APPROVED;
-+ if (prsactx->pad_mode == RSA_PKCS1_PSS_PADDING) {
-+ if (prsactx->md == NULL) {
-+ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_UNDETERMINED;
-+ } else if (rsa_pss_compute_saltlen(prsactx) > EVP_MD_get_size(prsactx->md)) {
-+ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+ } else if (prsactx->pad_mode == RSA_NO_PADDING) {
-+ if (prsactx->md == NULL) /* Should always be the case */
-+ fips_indicator = EVP_SIGNATURE_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+ }
-+ return OSSL_PARAM_set_int(p, fips_indicator);
-+ }
-+#endif
-+
- return 1;
- }
-
-@@ -1178,6 +1196,9 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
- OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
- OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0),
- OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR, NULL),
-+#endif
- OSSL_PARAM_END
- };
-
-diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
-index 8b2d430f17..a109e44521 100644
---- a/util/perl/OpenSSL/paramnames.pm
-+++ b/util/perl/OpenSSL/paramnames.pm
-@@ -377,17 +377,18 @@ my %params = (
- 'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm",
-
- # Signature parameters
-- 'SIGNATURE_PARAM_ALGORITHM_ID' => "algorithm-id",
-- 'SIGNATURE_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE',
-- 'SIGNATURE_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST',
-- 'SIGNATURE_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES',
-- 'SIGNATURE_PARAM_PSS_SALTLEN' => "saltlen",
-- 'SIGNATURE_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST',
-- 'SIGNATURE_PARAM_MGF1_PROPERTIES' => '*PKEY_PARAM_MGF1_PROPERTIES',
-- 'SIGNATURE_PARAM_DIGEST_SIZE' => '*PKEY_PARAM_DIGEST_SIZE',
-- 'SIGNATURE_PARAM_NONCE_TYPE' => "nonce-type",
-- 'SIGNATURE_PARAM_INSTANCE' => "instance",
-- 'SIGNATURE_PARAM_CONTEXT_STRING' => "context-string",
-+ 'SIGNATURE_PARAM_ALGORITHM_ID' => "algorithm-id",
-+ 'SIGNATURE_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE',
-+ 'SIGNATURE_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST',
-+ 'SIGNATURE_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES',
-+ 'SIGNATURE_PARAM_PSS_SALTLEN' => "saltlen",
-+ 'SIGNATURE_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST',
-+ 'SIGNATURE_PARAM_MGF1_PROPERTIES' => '*PKEY_PARAM_MGF1_PROPERTIES',
-+ 'SIGNATURE_PARAM_DIGEST_SIZE' => '*PKEY_PARAM_DIGEST_SIZE',
-+ 'SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator",
-+ 'SIGNATURE_PARAM_NONCE_TYPE' => "nonce-type",
-+ 'SIGNATURE_PARAM_INSTANCE' => "instance",
-+ 'SIGNATURE_PARAM_CONTEXT_STRING' => "context-string",
-
- # Asym cipher parameters
- 'ASYM_CIPHER_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST',
---
-2.44.0
-
diff --git a/0091-FIPS-RSA-encapsulate.patch b/0091-FIPS-RSA-encapsulate.patch
deleted file mode 100644
index 0e7c754..0000000
--- a/0091-FIPS-RSA-encapsulate.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From afab56d09edb525dd794fcb2ae2295ab7f39400a Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 16:01:48 +0200
-Subject: [PATCH 42/48] 0091-FIPS-RSA-encapsulate.patch
-
-Patch-name: 0091-FIPS-RSA-encapsulate.patch
-Patch-id: 91
----
- providers/implementations/kem/rsa_kem.c | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
-index 365ae3d7d6..8a6f585d0b 100644
---- a/providers/implementations/kem/rsa_kem.c
-+++ b/providers/implementations/kem/rsa_kem.c
-@@ -265,6 +265,13 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
- return 0;
- }
-+
-+#ifdef FIPS_MODULE
-+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
-+ return 0;
-+ }
-+#endif
-
- /*
- * Step (2): Generate a random byte string z of nlen bytes where
-@@ -308,6 +316,13 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
- return 1;
- }
-
-+#ifdef FIPS_MODULE
-+ if (nlen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS/8) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_KEY_SIZE_TOO_SMALL);
-+ return 0;
-+ }
-+#endif
-+
- /*
- * Step (2): check the input ciphertext 'inlen' matches the nlen
- * and that outlen is at least nlen bytes
---
-2.41.0
-
diff --git a/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch b/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
deleted file mode 100644
index 48d8359..0000000
--- a/0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
+++ /dev/null
@@ -1,330 +0,0 @@
-From 590babb35e3aa399c889282747965e301333a656 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 16:07:18 +0200
-Subject: [PATCH 43/48]
- 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
-
-Patch-name: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
-Patch-id: 93
----
- crypto/dh/dh_backend.c | 10 ++++
- crypto/dh/dh_check.c | 12 ++--
- crypto/dh/dh_gen.c | 12 +++-
- crypto/dh/dh_key.c | 13 ++--
- crypto/dh/dh_pmeth.c | 10 +++-
- providers/implementations/keymgmt/dh_kmgmt.c | 5 ++
- test/endecode_test.c | 4 +-
- test/evp_libctx_test.c | 2 +-
- test/helpers/predefined_dhparams.c | 62 ++++++++++++++++++++
- test/helpers/predefined_dhparams.h | 1 +
- test/recipes/80-test_cms.t | 4 +-
- test/recipes/80-test_ssl_old.t | 3 +
- 12 files changed, 118 insertions(+), 20 deletions(-)
-
-diff --git a/crypto/dh/dh_backend.c b/crypto/dh/dh_backend.c
-index 726843fd30..24c65ca84f 100644
---- a/crypto/dh/dh_backend.c
-+++ b/crypto/dh/dh_backend.c
-@@ -53,6 +53,16 @@ int ossl_dh_params_fromdata(DH *dh, const OSSL_PARAM params[])
- if (!dh_ffc_params_fromdata(dh, params))
- return 0;
-
-+#ifdef FIPS_MODULE
-+ if (!ossl_dh_is_named_safe_prime_group(dh)) {
-+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
-+ "FIPS 186-4 type domain parameters no longer allowed in"
-+ " FIPS mode, since the required validation routines"
-+ " were removed from FIPS 186-5");
-+ return 0;
-+ }
-+#endif
-+
- param_priv_len =
- OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DH_PRIV_LEN);
- if (param_priv_len != NULL
-diff --git a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
-index 0b391910d6..75581ca347 100644
---- a/crypto/dh/dh_check.c
-+++ b/crypto/dh/dh_check.c
-@@ -57,13 +57,15 @@ int DH_check_params(const DH *dh, int *ret)
- nid = DH_get_nid((DH *)dh);
- if (nid != NID_undef)
- return 1;
-+
- /*
-- * OR
-- * (2b) FFC domain params conform to FIPS-186-4 explicit domain param
-- * validity tests.
-+ * FIPS 186-4 explicit domain parameters are no longer supported in FIPS mode.
- */
-- return ossl_ffc_params_FIPS186_4_validate(dh->libctx, &dh->params,
-- FFC_PARAM_TYPE_DH, ret, NULL);
-+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
-+ "FIPS 186-4 type domain parameters no longer allowed in"
-+ " FIPS mode, since the required validation routines were"
-+ " removed from FIPS 186-5");
-+ return 0;
- }
- #else
- int DH_check_params(const DH *dh, int *ret)
-diff --git a/crypto/dh/dh_gen.c b/crypto/dh/dh_gen.c
-index 204662a81c..9961f21920 100644
---- a/crypto/dh/dh_gen.c
-+++ b/crypto/dh/dh_gen.c
-@@ -39,18 +39,26 @@ static int dh_builtin_genparams(DH *ret, int prime_len, int generator,
- int ossl_dh_generate_ffc_parameters(DH *dh, int type, int pbits, int qbits,
- BN_GENCB *cb)
- {
-- int ret, res;
-+ int ret = 0;
-
- #ifndef FIPS_MODULE
-+ int res;
-+
- if (type == DH_PARAMGEN_TYPE_FIPS_186_2)
- ret = ossl_ffc_params_FIPS186_2_generate(dh->libctx, &dh->params,
- FFC_PARAM_TYPE_DH,
- pbits, qbits, &res, cb);
- else
--#endif
- ret = ossl_ffc_params_FIPS186_4_generate(dh->libctx, &dh->params,
- FFC_PARAM_TYPE_DH,
- pbits, qbits, &res, cb);
-+#else
-+ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
-+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
-+ "FIPS 186-4 type domain parameters no longer allowed in"
-+ " FIPS mode, since the required generation routines were"
-+ " removed from FIPS 186-5");
-+#endif
- if (ret > 0)
- dh->dirty_cnt++;
- return ret;
-diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
-index 83773cceea..7e988368d3 100644
---- a/crypto/dh/dh_key.c
-+++ b/crypto/dh/dh_key.c
-@@ -321,8 +321,12 @@ static int generate_key(DH *dh)
- goto err;
- } else {
- #ifdef FIPS_MODULE
-- if (dh->params.q == NULL)
-- goto err;
-+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
-+ "FIPS 186-4 type domain parameters no longer"
-+ " allowed in FIPS mode, since the required"
-+ " generation routines were removed from FIPS"
-+ " 186-5");
-+ goto err;
- #else
- if (dh->params.q == NULL) {
- /* secret exponent length, must satisfy 2^(l-1) <= p */
-@@ -343,9 +347,7 @@ static int generate_key(DH *dh)
- if (!BN_clear_bit(priv_key, 0))
- goto err;
- }
-- } else
--#endif
-- {
-+ } else {
- /* Do a partial check for invalid p, q, g */
- if (!ossl_ffc_params_simple_validate(dh->libctx, &dh->params,
- FFC_PARAM_TYPE_DH, NULL))
-@@ -361,6 +363,7 @@ static int generate_key(DH *dh)
- priv_key))
- goto err;
- }
-+#endif
- }
- }
-
-diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
-index f201eede0d..30f90d15be 100644
---- a/crypto/dh/dh_pmeth.c
-+++ b/crypto/dh/dh_pmeth.c
-@@ -305,13 +305,17 @@ static DH *ffc_params_generate(OSSL_LIB_CTX *libctx, DH_PKEY_CTX *dctx,
- prime_len, subprime_len, &res,
- pcb);
- else
--# endif
-- /* For FIPS we always use the DH_PARAMGEN_TYPE_FIPS_186_4 generator */
-- if (dctx->paramgen_type >= DH_PARAMGEN_TYPE_FIPS_186_2)
- rv = ossl_ffc_params_FIPS186_4_generate(libctx, &ret->params,
- FFC_PARAM_TYPE_DH,
- prime_len, subprime_len, &res,
- pcb);
-+# else
-+ /* In FIPS mode, we no longer support FIPS 186-4 domain parameters */
-+ ERR_raise_data(ERR_LIB_DH, DH_R_BAD_FFC_PARAMETERS,
-+ "FIPS 186-4 type domain parameters no longer allowed in"
-+ " FIPS mode, since the required generation routines were"
-+ " removed from FIPS 186-5");
-+# endif
- if (rv <= 0) {
- DH_free(ret);
- return NULL;
-diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
-index 9a7dde7c66..b3e7bca5ac 100644
---- a/providers/implementations/keymgmt/dh_kmgmt.c
-+++ b/providers/implementations/keymgmt/dh_kmgmt.c
-@@ -414,6 +414,11 @@ static int dh_validate(const void *keydata, int selection, int checktype)
- if ((selection & DH_POSSIBLE_SELECTIONS) == 0)
- return 1; /* nothing to validate */
-
-+#ifdef FIPS_MODULE
-+ /* In FIPS provider, always check the domain parameters to disallow
-+ * operations on keys with FIPS 186-4 params. */
-+ selection |= OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS;
-+#endif
- if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) {
- /*
- * Both of these functions check parameters. DH_check_params_ex()
-diff --git a/test/endecode_test.c b/test/endecode_test.c
-index 53385028fc..169f3ccd73 100644
---- a/test/endecode_test.c
-+++ b/test/endecode_test.c
-@@ -84,10 +84,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
- * for testing only. Use a minimum key size of 2048 for security purposes.
- */
- if (strcmp(type, "DH") == 0)
-- return get_dh512(keyctx);
-+ return get_dh2048(keyctx);
-
- if (strcmp(type, "X9.42 DH") == 0)
-- return get_dhx512(keyctx);
-+ return get_dhx_ffdhe2048(keyctx);
- # endif
-
- /*
-diff --git a/test/evp_libctx_test.c b/test/evp_libctx_test.c
-index a7913cda4c..96a35ac1cc 100644
---- a/test/evp_libctx_test.c
-+++ b/test/evp_libctx_test.c
-@@ -189,7 +189,7 @@ static int do_dh_param_keygen(int tstid, const BIGNUM **bn)
-
- if (!TEST_ptr(gen_ctx = EVP_PKEY_CTX_new_from_pkey(libctx, pkey_parm, NULL))
- || !TEST_int_gt(EVP_PKEY_keygen_init(gen_ctx), 0)
-- || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey), expected))
-+ || !TEST_int_eq(EVP_PKEY_keygen(gen_ctx, &pkey) == 1, expected))
- goto err;
-
- if (expected) {
-diff --git a/test/helpers/predefined_dhparams.c b/test/helpers/predefined_dhparams.c
-index 4bdadc4143..e5186e4b4a 100644
---- a/test/helpers/predefined_dhparams.c
-+++ b/test/helpers/predefined_dhparams.c
-@@ -116,6 +116,68 @@ EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx)
- dhx512_q, sizeof(dhx512_q));
- }
-
-+EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx)
-+{
-+ /* This is RFC 7919 ffdhe2048, since Red Hat removes support for
-+ * non-well-known groups in FIPS mode. */
-+ static unsigned char dhx_p[] = {
-+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xad, 0xf8, 0x54, 0x58,
-+ 0xa2, 0xbb, 0x4a, 0x9a, 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1,
-+ 0xd8, 0xb9, 0xc5, 0x83, 0xce, 0x2d, 0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41,
-+ 0x14, 0x64, 0x33, 0xfb, 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9,
-+ 0x7d, 0x2f, 0xe3, 0x63, 0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02,
-+ 0xae, 0xc4, 0x61, 0x7a, 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61,
-+ 0x24, 0x33, 0xf5, 0x1f, 0x5f, 0x06, 0x6e, 0xd0, 0x85, 0x63, 0x65, 0x55,
-+ 0x3d, 0xed, 0x1a, 0xf3, 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35,
-+ 0x98, 0x4f, 0x0c, 0x70, 0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89, 0xda,
-+ 0xf3, 0xef, 0xe8, 0x72, 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35,
-+ 0x30, 0xac, 0xca, 0x4f, 0x48, 0x3a, 0x79, 0x7a, 0xbc, 0x0a, 0xb1, 0x82,
-+ 0xb3, 0x24, 0xfb, 0x61, 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb,
-+ 0xb9, 0x6a, 0xda, 0xb7, 0x60, 0xd7, 0xf4, 0x68, 0x1d, 0x4f, 0x42, 0xa3,
-+ 0xde, 0x39, 0x4d, 0xf4, 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19,
-+ 0x0b, 0x07, 0xa7, 0xc8, 0xee, 0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1,
-+ 0xcd, 0xf7, 0xe2, 0xec, 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61,
-+ 0x91, 0x72, 0xfe, 0x9c, 0xe9, 0x85, 0x83, 0xff, 0x8e, 0x4f, 0x12, 0x32,
-+ 0xee, 0xf2, 0x81, 0x83, 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73,
-+ 0x3b, 0xb5, 0xfc, 0xbc, 0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83,
-+ 0x7d, 0x16, 0x83, 0xb2, 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa,
-+ 0x88, 0x6b, 0x42, 0x38, 0x61, 0x28, 0x5c, 0x97, 0xff, 0xff, 0xff, 0xff,
-+ 0xff, 0xff, 0xff, 0xff
-+ };
-+ static unsigned char dhx_g[] = {
-+ 0x02
-+ };
-+ static unsigned char dhx_q[] = {
-+ 0x7f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xd6, 0xfc, 0x2a, 0x2c,
-+ 0x51, 0x5d, 0xa5, 0x4d, 0x57, 0xee, 0x2b, 0x10, 0x13, 0x9e, 0x9e, 0x78,
-+ 0xec, 0x5c, 0xe2, 0xc1, 0xe7, 0x16, 0x9b, 0x4a, 0xd4, 0xf0, 0x9b, 0x20,
-+ 0x8a, 0x32, 0x19, 0xfd, 0xe6, 0x49, 0xce, 0xe7, 0x12, 0x4d, 0x9f, 0x7c,
-+ 0xbe, 0x97, 0xf1, 0xb1, 0xb1, 0x86, 0x3a, 0xec, 0x7b, 0x40, 0xd9, 0x01,
-+ 0x57, 0x62, 0x30, 0xbd, 0x69, 0xef, 0x8f, 0x6a, 0xea, 0xfe, 0xb2, 0xb0,
-+ 0x92, 0x19, 0xfa, 0x8f, 0xaf, 0x83, 0x37, 0x68, 0x42, 0xb1, 0xb2, 0xaa,
-+ 0x9e, 0xf6, 0x8d, 0x79, 0xda, 0xab, 0x89, 0xaf, 0x3f, 0xab, 0xe4, 0x9a,
-+ 0xcc, 0x27, 0x86, 0x38, 0x70, 0x73, 0x45, 0xbb, 0xf1, 0x53, 0x44, 0xed,
-+ 0x79, 0xf7, 0xf4, 0x39, 0x0e, 0xf8, 0xac, 0x50, 0x9b, 0x56, 0xf3, 0x9a,
-+ 0x98, 0x56, 0x65, 0x27, 0xa4, 0x1d, 0x3c, 0xbd, 0x5e, 0x05, 0x58, 0xc1,
-+ 0x59, 0x92, 0x7d, 0xb0, 0xe8, 0x84, 0x54, 0xa5, 0xd9, 0x64, 0x71, 0xfd,
-+ 0xdc, 0xb5, 0x6d, 0x5b, 0xb0, 0x6b, 0xfa, 0x34, 0x0e, 0xa7, 0xa1, 0x51,
-+ 0xef, 0x1c, 0xa6, 0xfa, 0x57, 0x2b, 0x76, 0xf3, 0xb1, 0xb9, 0x5d, 0x8c,
-+ 0x85, 0x83, 0xd3, 0xe4, 0x77, 0x05, 0x36, 0xb8, 0x4f, 0x01, 0x7e, 0x70,
-+ 0xe6, 0xfb, 0xf1, 0x76, 0x60, 0x1a, 0x02, 0x66, 0x94, 0x1a, 0x17, 0xb0,
-+ 0xc8, 0xb9, 0x7f, 0x4e, 0x74, 0xc2, 0xc1, 0xff, 0xc7, 0x27, 0x89, 0x19,
-+ 0x77, 0x79, 0x40, 0xc1, 0xe1, 0xff, 0x1d, 0x8d, 0xa6, 0x37, 0xd6, 0xb9,
-+ 0x9d, 0xda, 0xfe, 0x5e, 0x17, 0x61, 0x10, 0x02, 0xe2, 0xc7, 0x78, 0xc1,
-+ 0xbe, 0x8b, 0x41, 0xd9, 0x63, 0x79, 0xa5, 0x13, 0x60, 0xd9, 0x77, 0xfd,
-+ 0x44, 0x35, 0xa1, 0x1c, 0x30, 0x94, 0x2e, 0x4b, 0xff, 0xff, 0xff, 0xff,
-+ 0xff, 0xff, 0xff, 0xff
-+ };
-+
-+ return get_dh_from_pg(libctx, "X9.42 DH",
-+ dhx_p, sizeof(dhx_p),
-+ dhx_g, sizeof(dhx_g),
-+ dhx_q, sizeof(dhx_q));
-+}
-+
- EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libctx)
- {
- static unsigned char dh1024_p[] = {
-diff --git a/test/helpers/predefined_dhparams.h b/test/helpers/predefined_dhparams.h
-index f0e8709062..2ff6d6e721 100644
---- a/test/helpers/predefined_dhparams.h
-+++ b/test/helpers/predefined_dhparams.h
-@@ -12,6 +12,7 @@
- #ifndef OPENSSL_NO_DH
- EVP_PKEY *get_dh512(OSSL_LIB_CTX *libctx);
- EVP_PKEY *get_dhx512(OSSL_LIB_CTX *libctx);
-+EVP_PKEY *get_dhx_ffdhe2048(OSSL_LIB_CTX *libctx);
- EVP_PKEY *get_dh1024dsa(OSSL_LIB_CTX *libct);
- EVP_PKEY *get_dh2048(OSSL_LIB_CTX *libctx);
- EVP_PKEY *get_dh4096(OSSL_LIB_CTX *libctx);
-diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
-index 2a459856f0..afac836fa3 100644
---- a/test/recipes/80-test_cms.t
-+++ b/test/recipes/80-test_cms.t
-@@ -627,10 +627,10 @@ my @smime_cms_param_tests = (
- # Only SHA1 supported in dh_cms_encrypt()
- push(@smime_cms_param_tests,
- [ "enveloped content test streaming S/MIME format, X9.42 DH",
-- [ "{cmd1}", @prov, "-encrypt", "-in", $smcont,
-+ [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
- "-stream", "-out", "{output}.cms",
- "-recip", catfile($smdir, "smdh.pem"), "-aes128" ],
-- [ "{cmd2}", @prov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
-+ [ "{cmd2}", @defaultprov, "-decrypt", "-recip", catfile($smdir, "smdh.pem"),
- "-in", "{output}.cms", "-out", "{output}.txt" ],
- \&final_compare
- ]
-diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
-index 527abcea6e..e1d38b1e62 100644
---- a/test/recipes/80-test_ssl_old.t
-+++ b/test/recipes/80-test_ssl_old.t
-@@ -390,6 +390,9 @@ sub testssl {
- skip "skipping dhe1024dsa test", 1
- if ($no_dh);
-
-+ skip "FIPS 186-4 type DH groups are no longer supported by the FIPS provider", 1
-+ if $provider eq "fips";
-+
- ok(run(test([@ssltest, "-bio_pair", "-dhe1024dsa", "-v"])),
- 'test sslv2/sslv3 with 1024bit DHE via BIO pair');
- }
---
-2.41.0
-
diff --git a/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch b/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
deleted file mode 100644
index 9a65e22..0000000
--- a/0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
+++ /dev/null
@@ -1,104 +0,0 @@
-From bfe2412d6d41c8d2299bf40e24f23d4abcfb68e9 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 41/49]
- 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
-
-Patch-name: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
-Patch-id: 110
-Patch-status: |
- # [PATCH 43/46]
- # 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- include/openssl/evp.h | 4 +++
- .../implementations/ciphers/ciphercommon.c | 4 +++
- .../ciphers/ciphercommon_gcm.c | 25 +++++++++++++++++++
- util/perl/OpenSSL/paramnames.pm | 5 ++--
- 4 files changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index e3fa4a8043..dc42140932 100644
---- a/include/openssl/evp.h
-+++ b/include/openssl/evp.h
-@@ -753,6 +753,10 @@ void EVP_CIPHER_CTX_set_flags(EVP_CIPHER_CTX *ctx, int flags);
- void EVP_CIPHER_CTX_clear_flags(EVP_CIPHER_CTX *ctx, int flags);
- int EVP_CIPHER_CTX_test_flags(const EVP_CIPHER_CTX *ctx, int flags);
-
-+# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
-+# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_APPROVED 1
-+# define EVP_CIPHER_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
-+
- __owur int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
- const unsigned char *key, const unsigned char *iv);
- __owur int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,
-diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
-index db81af5401..ae66521827 100644
---- a/providers/implementations/ciphers/ciphercommon.c
-+++ b/providers/implementations/ciphers/ciphercommon.c
-@@ -152,6 +152,10 @@ static const OSSL_PARAM cipher_aead_known_gettable_ctx_params[] = {
- OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
- OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD, NULL),
- OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN, NULL, 0),
-+ /* normally we would hide this under an #ifdef FIPS_MODULE, but that does
-+ * not work in ciphercommon.c because it is compiled only once into
-+ * libcommon.a */
-+ OSSL_PARAM_int(OSSL_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL),
- OSSL_PARAM_END
- };
- const OSSL_PARAM *ossl_cipher_aead_gettable_ctx_params(
-diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
-index fe24b450a5..b39d8d562c 100644
---- a/providers/implementations/ciphers/ciphercommon_gcm.c
-+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
-@@ -238,6 +238,31 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
- break;
- }
- }
-+
-+ /* We would usually hide this under #ifdef FIPS_MODULE, but
-+ * ciphercommon_gcm.c is only compiled once into libcommon.a, so ifdefs do
-+ * not work here. */
-+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_REDHAT_FIPS_INDICATOR);
-+ if (p != NULL) {
-+ int fips_indicator = EVP_CIPHER_REDHAT_FIPS_INDICATOR_APPROVED;
-+
-+ /* Implementation Guidance for FIPS 140-3 and the Cryptographic Module
-+ * Verification Program, Section C.H requires guarantees about the
-+ * uniqueness of key/iv pairs, and proposes a few approaches to ensure
-+ * this. This provides an indicator for option 2 "The IV may be
-+ * generated internally at its entirety randomly." Note that one of the
-+ * conditions of this option is that "The IV length shall be at least
-+ * 96 bits (per SP 800-38D)." We do not specically check for this
-+ * condition here, because gcm_iv_generate will fail in this case. */
-+ if (ctx->enc && !ctx->iv_gen_rand)
-+ fips_indicator = EVP_CIPHER_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ if (!OSSL_PARAM_set_int(p, fips_indicator)) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
-+ return 0;
-+ }
-+ }
-+
- return 1;
- }
-
-diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
-index a109e44521..64e9809387 100644
---- a/util/perl/OpenSSL/paramnames.pm
-+++ b/util/perl/OpenSSL/paramnames.pm
-@@ -101,8 +101,9 @@ my %params = (
- 'CIPHER_PARAM_SPEED' => "speed", # uint
- 'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string
- # For passing the AlgorithmIdentifier parameter in DER form
-- 'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => "alg_id_param",# octet_string
-- 'CIPHER_PARAM_XTS_STANDARD' => "xts_standard",# utf8_string
-+ 'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => "alg_id_param",# octet_string
-+ 'CIPHER_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator", # int
-+ 'CIPHER_PARAM_XTS_STANDARD' => "xts_standard",# utf8_string
-
- 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint
- 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE' => "tls1multi_maxbufsz", # size_t
---
-2.44.0
-
diff --git a/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch b/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
deleted file mode 100644
index aec08c9..0000000
--- a/0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From 48c763ed9cc889806bc01222382ce6f918a408a2 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 16:12:33 +0200
-Subject: [PATCH 46/48]
- 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
-
-Patch-name: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
-Patch-id: 112
----
- providers/implementations/kdfs/pbkdf2.c | 40 +++++++++++++++++++++++--
- 1 file changed, 37 insertions(+), 3 deletions(-)
-
-diff --git a/providers/implementations/kdfs/pbkdf2.c b/providers/implementations/kdfs/pbkdf2.c
-index 11820d1e69..bae2238ab5 100644
---- a/providers/implementations/kdfs/pbkdf2.c
-+++ b/providers/implementations/kdfs/pbkdf2.c
-@@ -284,11 +284,42 @@ static const OSSL_PARAM *kdf_pbkdf2_settable_ctx_params(ossl_unused void *ctx,
-
- static int kdf_pbkdf2_get_ctx_params(void *vctx, OSSL_PARAM params[])
- {
-+#ifdef FIPS_MODULE
-+ KDF_PBKDF2 *ctx = (KDF_PBKDF2 *)vctx;
-+#endif /* defined(FIPS_MODULE) */
- OSSL_PARAM *p;
-+ int any_valid = 0; /* set to 1 when at least one parameter was valid */
-+
-+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) {
-+ any_valid = 1;
-+
-+ if (!OSSL_PARAM_set_size_t(p, SIZE_MAX))
-+ return 0;
-+ }
-+
-+#ifdef FIPS_MODULE
-+ if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR))
-+ != NULL) {
-+ int fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_APPROVED;
-+
-+ /* The lower_bound_checks parameter enables checks required by FIPS. If
-+ * those checks are disabled, the PBKDF2 implementation will also
-+ * support non-approved parameters (e.g., salt lengths < 16 bytes, see
-+ * NIST SP 800-132 section 5.1). */
-+ if (!ctx->lower_bound_checks)
-+ fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-
-- if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL)
-- return OSSL_PARAM_set_size_t(p, SIZE_MAX);
-- return -2;
-+ if (!OSSL_PARAM_set_int(p, fips_indicator))
-+ return 0;
-+
-+ any_valid = 1;
-+ }
-+#endif /* defined(FIPS_MODULE) */
-+
-+ if (!any_valid)
-+ return -2;
-+
-+ return 1;
- }
-
- static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx,
-@@ -296,6 +327,9 @@ static const OSSL_PARAM *kdf_pbkdf2_gettable_ctx_params(ossl_unused void *ctx,
- {
- static const OSSL_PARAM known_gettable_ctx_params[] = {
- OSSL_PARAM_size_t(OSSL_KDF_PARAM_SIZE, NULL),
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_KDF_PARAM_REDHAT_FIPS_INDICATOR, NULL),
-+#endif /* defined(FIPS_MODULE) */
- OSSL_PARAM_END
- };
- return known_gettable_ctx_params;
---
-2.41.0
-
diff --git a/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch b/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
deleted file mode 100644
index fd073bd..0000000
--- a/0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-From 72a137b3f51ef8aeb2747bbc102ea5c98b6daa05 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 43/49] 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
-
-Patch-name: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
-Patch-id: 113
-Patch-status: |
- # 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- include/openssl/evp.h | 4 +++
- .../implementations/asymciphers/rsa_enc.c | 22 ++++++++++++++
- providers/implementations/kem/rsa_kem.c | 30 ++++++++++++++++++-
- util/perl/OpenSSL/paramnames.pm | 6 ++--
- 4 files changed, 59 insertions(+), 3 deletions(-)
-
-diff --git a/include/openssl/evp.h b/include/openssl/evp.h
-index dc42140932..3a6345d71e 100644
---- a/include/openssl/evp.h
-+++ b/include/openssl/evp.h
-@@ -1772,6 +1772,10 @@ OSSL_DEPRECATEDIN_3_0 size_t EVP_PKEY_meth_get_count(void);
- OSSL_DEPRECATEDIN_3_0 const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx);
- # endif
-
-+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_UNDETERMINED 0
-+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED 1
-+# define EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED 2
-+
- EVP_KEYMGMT *EVP_KEYMGMT_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
- const char *properties);
- int EVP_KEYMGMT_up_ref(EVP_KEYMGMT *keymgmt);
-diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c
-index f3443b0c66..b2c239c03b 100644
---- a/providers/implementations/asymciphers/rsa_enc.c
-+++ b/providers/implementations/asymciphers/rsa_enc.c
-@@ -462,6 +462,27 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
- if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection))
- return 0;
-
-+#ifdef FIPS_MODULE
-+ p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR);
-+ if (p != NULL) {
-+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_APPROVED;
-+
-+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key
-+ * confirmation (section 6.4.2.3.2), or assurance from a trusted third
-+ * party (section 6.4.2.3.1) for the KTS-OAEP key transport scheme, but
-+ * explicit key confirmation is not implemented here and cannot be
-+ * implemented without protocol changes, and the FIPS provider does not
-+ * implement trusted third party validation, since it relies on its
-+ * callers to do that. We must thus mark RSA-OAEP as unapproved until
-+ * we have received clarification from NIST on how library modules such
-+ * as OpenSSL should implement TTP validation. */
-+ fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ if (!OSSL_PARAM_set_int(p, fips_indicator))
-+ return 0;
-+ }
-+#endif /* defined(FIPS_MODULE) */
-+
- return 1;
- }
-
-@@ -475,6 +496,7 @@ static const OSSL_PARAM known_gettable_ctx_params[] = {
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL),
- #ifdef FIPS_MODULE
- OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED, NULL, 0),
-+ OSSL_PARAM_int(OSSL_ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR, NULL),
- #endif /* FIPS_MODULE */
- OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL),
- OSSL_PARAM_END
-diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
-index 0824c6bdd6..2e637bdf30 100644
---- a/providers/implementations/kem/rsa_kem.c
-+++ b/providers/implementations/kem/rsa_kem.c
-@@ -152,11 +152,39 @@ static int rsakem_decapsulate_init(void *vprsactx, void *vrsa,
- static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
- {
- PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx;
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM *p;
-+#endif /* defined(FIPS_MODULE) */
-+
-+ if (ctx == NULL)
-+ return 0;
-+
-+#ifdef FIPS_MODULE
-+ p = OSSL_PARAM_locate(params, OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR);
-+ if (p != NULL) {
-+ /* NIST SP 800-56Br2 section 6.4.2.1 requires either explicit key
-+ * confirmation (section 6.4.2.3.2), or assurance from a trusted third
-+ * party (section 6.4.2.3.1) for key agreement or key transport, but
-+ * explicit key confirmation is not implemented here and cannot be
-+ * implemented without protocol changes, and the FIPS provider does not
-+ * implement trusted third party validation, since it relies on its
-+ * callers to do that. We must thus mark RSASVE unapproved until we
-+ * have received clarification from NIST on how library modules such as
-+ * OpenSSL should implement TTP validation. */
-+ int fips_indicator = EVP_PKEY_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+
-+ if (!OSSL_PARAM_set_int(p, fips_indicator))
-+ return 0;
-+ }
-+#endif /* defined(FIPS_MODULE) */
-
-- return ctx != NULL;
-+ return 1;
- }
-
- static const OSSL_PARAM known_gettable_rsakem_ctx_params[] = {
-+#ifdef FIPS_MODULE
-+ OSSL_PARAM_int(OSSL_KEM_PARAM_REDHAT_FIPS_INDICATOR, NULL),
-+#endif /* defined(FIPS_MODULE) */
- OSSL_PARAM_END
- };
-
-diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
-index 64e9809387..45ab0c8dc4 100644
---- a/util/perl/OpenSSL/paramnames.pm
-+++ b/util/perl/OpenSSL/paramnames.pm
-@@ -406,6 +406,7 @@ my %params = (
- 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version",
- 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection",
- 'ASYM_CIPHER_PARAM_REDHAT_KAT_OEAP_SEED' => "redhat-kat-oaep-seed",
-+ 'ASYM_CIPHER_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator",
-
- # Encoder / decoder parameters
-
-@@ -438,8 +439,9 @@ my %params = (
- 'SIGNATURE_PARAM_KAT' => "kat",
-
- # KEM parameters
-- 'KEM_PARAM_OPERATION' => "operation",
-- 'KEM_PARAM_IKME' => "ikme",
-+ 'KEM_PARAM_OPERATION' => "operation",
-+ 'KEM_PARAM_REDHAT_FIPS_INDICATOR' => "redhat-fips-indicator",
-+ 'KEM_PARAM_IKME' => "ikme",
-
- # Capabilities
-
---
-2.44.0
-
diff --git a/0114-FIPS-enforce-EMS-support.patch b/0114-FIPS-enforce-EMS-support.patch
deleted file mode 100644
index fd1e90e..0000000
--- a/0114-FIPS-enforce-EMS-support.patch
+++ /dev/null
@@ -1,251 +0,0 @@
-From 9b02ad7225b74a5b9088b361caead0a41e570e93 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Mon, 21 Aug 2023 16:40:56 +0200
-Subject: [PATCH 48/48] 0114-FIPS-enforce-EMS-support.patch
-
-Patch-name: 0114-FIPS-enforce-EMS-support.patch
-Patch-id: 114
-Patch-status: |
- # We believe that some changes present in CentOS are not necessary
- # because ustream has a check for FIPS version
----
- doc/man3/SSL_CONF_cmd.pod | 3 +++
- doc/man5/fips_config.pod | 13 +++++++++++
- include/openssl/fips_names.h | 8 +++++++
- include/openssl/ssl.h.in | 1 +
- providers/fips/fipsprov.c | 2 +-
- providers/implementations/kdfs/tls1_prf.c | 22 +++++++++++++++++++
- ssl/ssl_conf.c | 1 +
- ssl/statem/extensions_srvr.c | 8 ++++++-
- ssl/t1_enc.c | 11 ++++++++--
- .../30-test_evp_data/evpkdf_tls12_prf.txt | 10 +++++++++
- test/sslapitest.c | 2 +-
- 11 files changed, 76 insertions(+), 5 deletions(-)
-
-diff --git a/doc/man3/SSL_CONF_cmd.pod b/doc/man3/SSL_CONF_cmd.pod
-index ae6ca43282..b83c04a308 100644
---- a/doc/man3/SSL_CONF_cmd.pod
-+++ b/doc/man3/SSL_CONF_cmd.pod
-@@ -524,6 +524,9 @@ B<ExtendedMasterSecret>: use extended master secret extension, enabled by
- default. Inverse of B<SSL_OP_NO_EXTENDED_MASTER_SECRET>: that is,
- B<-ExtendedMasterSecret> is the same as setting B<SSL_OP_NO_EXTENDED_MASTER_SECRET>.
-
-+B<RHNoEnforceEMSinFIPS>: allow establishing connections without EMS in FIPS mode.
-+This is a RedHat-based OS specific option, and normally it should be set up via crypto policies.
-+
- B<CANames>: use CA names extension, enabled by
- default. Inverse of B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>: that is,
- B<-CANames> is the same as setting B<SSL_OP_DISABLE_TLSEXT_CA_NAMES>.
-diff --git a/doc/man5/fips_config.pod b/doc/man5/fips_config.pod
-index 1c15e32a5c..f2cedaf88d 100644
---- a/doc/man5/fips_config.pod
-+++ b/doc/man5/fips_config.pod
-@@ -15,6 +15,19 @@ for more information.
-
- This functionality was added in OpenSSL 3.0.
-
-+Red Hat Enterprise Linux uses a supplementary config for FIPS module located in
-+OpenSSL configuration directory and managed by crypto policies. If present, it
-+should have format
-+
-+ [fips_sect]
-+ tls1-prf-ems-check = 0
-+ activate = 1
-+
-+The B<tls1-prf-ems-check> option specifies whether FIPS module will require the
-+presence of extended master secret or not.
-+
-+The B<activate> option enforces FIPS provider activation.
-+
- =head1 COPYRIGHT
-
- Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
-diff --git a/include/openssl/fips_names.h b/include/openssl/fips_names.h
-index 5c77f6d691..8cdd5a6bf7 100644
---- a/include/openssl/fips_names.h
-+++ b/include/openssl/fips_names.h
-@@ -70,6 +70,14 @@ extern "C" {
- */
- # define OSSL_PROV_FIPS_PARAM_DRBG_TRUNC_DIGEST "drbg-no-trunc-md"
-
-+/*
-+ * A boolean that determines if the runtime FIPS check for TLS1_PRF EMS is performed.
-+ * This is disabled by default.
-+ *
-+ * Type: OSSL_PARAM_UTF8_STRING
-+ */
-+# define OSSL_PROV_FIPS_PARAM_TLS1_PRF_EMS_CHECK "tls1-prf-ems-check"
-+
- # ifdef __cplusplus
- }
- # endif
-diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
-index 0b6de603e2..26a69ca282 100644
---- a/include/openssl/ssl.h.in
-+++ b/include/openssl/ssl.h.in
-@@ -415,6 +415,7 @@ typedef int (*SSL_async_callback_fn)(SSL *s, void *arg);
- * interoperability with CryptoPro CSP 3.x
- */
- # define SSL_OP_CRYPTOPRO_TLSEXT_BUG SSL_OP_BIT(31)
-+# define SSL_OP_RH_PERMIT_NOEMS_FIPS SSL_OP_BIT(48)
- /*
- * Disable RFC8879 certificate compression
- * SSL_OP_NO_TX_CERTIFICATE_COMPRESSION: don't send compressed certificates,
-diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
-index 5ff9872bd8..eb9653a9df 100644
---- a/providers/fips/fipsprov.c
-+++ b/providers/fips/fipsprov.c
-@@ -105,7 +105,7 @@ void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
- if (fgbl == NULL)
- return NULL;
- init_fips_option(&fgbl->fips_security_checks, 1);
-- init_fips_option(&fgbl->fips_tls1_prf_ems_check, 0); /* Disabled by default */
-+ init_fips_option(&fgbl->fips_tls1_prf_ems_check, 1); /* Enabled by default */
- init_fips_option(&fgbl->fips_restricted_drgb_digests, 0);
- return fgbl;
- }
-diff --git a/providers/implementations/kdfs/tls1_prf.c b/providers/implementations/kdfs/tls1_prf.c
-index 25a6c79a2e..79bc7a9719 100644
---- a/providers/implementations/kdfs/tls1_prf.c
-+++ b/providers/implementations/kdfs/tls1_prf.c
-@@ -131,6 +131,7 @@ static void *kdf_tls1_prf_new(void *provctx)
- static void kdf_tls1_prf_free(void *vctx)
- {
- TLS1_PRF *ctx = (TLS1_PRF *)vctx;
-+ OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
-
- if (ctx != NULL) {
- kdf_tls1_prf_reset(ctx);
-@@ -222,6 +223,27 @@ static int kdf_tls1_prf_derive(void *vctx, unsigned char *key, size_t keylen,
- }
- }
-
-+ /*
-+ * The seed buffer is prepended with a label.
-+ * If EMS mode is enforced then the label "master secret" is not allowed,
-+ * We do the check this way since the PRF is used for other purposes, as well
-+ * as "extended master secret".
-+ */
-+#ifdef FIPS_MODULE
-+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
-+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
-+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
-+ ctx->fips_indicator = EVP_KDF_REDHAT_FIPS_INDICATOR_NOT_APPROVED;
-+#endif /* defined(FIPS_MODULE) */
-+ if (ossl_tls1_prf_ems_check_enabled(libctx)) {
-+ if (ctx->seedlen >= TLS_MD_MASTER_SECRET_CONST_SIZE
-+ && memcmp(ctx->seed, TLS_MD_MASTER_SECRET_CONST,
-+ TLS_MD_MASTER_SECRET_CONST_SIZE) == 0) {
-+ ERR_raise(ERR_LIB_PROV, PROV_R_EMS_NOT_ENABLED);
-+ return 0;
-+ }
-+ }
-+
- return tls1_prf_alg(ctx->P_hash, ctx->P_sha1,
- ctx->sec, ctx->seclen,
- ctx->seed, ctx->seedlen,
-diff --git a/ssl/ssl_conf.c b/ssl/ssl_conf.c
-index 5146cedb96..086db98c33 100644
---- a/ssl/ssl_conf.c
-+++ b/ssl/ssl_conf.c
-@@ -389,6 +389,7 @@ static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
- SSL_FLAG_TBL("ClientRenegotiation",
- SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
- SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
-+ SSL_FLAG_TBL("RHNoEnforceEMSinFIPS", SSL_OP_RH_PERMIT_NOEMS_FIPS),
- SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
- SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
- SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
-diff --git a/ssl/statem/extensions_srvr.c b/ssl/statem/extensions_srvr.c
-index 00b1ee531e..22cdabb308 100644
---- a/ssl/statem/extensions_srvr.c
-+++ b/ssl/statem/extensions_srvr.c
-@@ -11,6 +11,7 @@
- #include "../ssl_local.h"
- #include "statem_local.h"
- #include "internal/cryptlib.h"
-+#include <openssl/fips.h>
-
- #define COOKIE_STATE_FORMAT_VERSION 1
-
-@@ -1552,8 +1553,13 @@ EXT_RETURN tls_construct_stoc_etm(SSL *s, WPACKET *pkt, unsigned int context,
- unsigned int context,
- X509 *x, size_t chainidx)
- {
-- if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0)
-+ if ((s->s3.flags & TLS1_FLAGS_RECEIVED_EXTMS) == 0) {
-+ if (FIPS_mode() && !(SSL_get_options(SSL_CONNECTION_GET_SSL(s)) & SSL_OP_RH_PERMIT_NOEMS_FIPS) ) {
-+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
-+ return EXT_RETURN_FAIL;
-+ }
- return EXT_RETURN_NOT_SENT;
-+ }
-
- if (!WPACKET_put_bytes_u16(pkt, TLSEXT_TYPE_extended_master_secret)
- || !WPACKET_put_bytes_u16(pkt, 0)) {
-diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
-index 91238e6457..e8ad8ecd9e 100644
---- a/ssl/t1_enc.c
-+++ b/ssl/t1_enc.c
-@@ -20,6 +20,7 @@
- #include <openssl/obj_mac.h>
- #include <openssl/core_names.h>
- #include <openssl/trace.h>
-+#include <openssl/fips.h>
-
- /* seed1 through seed5 are concatenated */
- static int tls1_PRF(SSL_CONNECTION *s,
-@@ -75,8 +76,14 @@ static int tls1_PRF(SSL *s,
- }
-
- err:
-- if (fatal)
-- SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-+ if (fatal) {
-+ /* The calls to this function are local so it's safe to implement the check */
-+ if (FIPS_mode() && seed1_len >= TLS_MD_MASTER_SECRET_CONST_SIZE
-+ && memcmp(seed1, TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE) == 0)
-+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, ERR_R_UNSUPPORTED);
-+ else
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-+ }
- else
- ERR_raise(ERR_LIB_SSL, ERR_R_INTERNAL_ERROR);
- EVP_KDF_CTX_free(kctx);
-diff --git a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
-index 44040ff66b..deb6bf3fcb 100644
---- a/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
-+++ b/test/recipes/30-test_evp_data/evpkdf_tls12_prf.txt
-@@ -22,6 +22,16 @@ Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587c
- Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
- Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
-
-+Availablein = fips
-+KDF = TLS1-PRF
-+Ctrl.digest = digest:SHA256
-+Ctrl.Secret = hexsecret:f8938ecc9edebc5030c0c6a441e213cd24e6f770a50dda07876f8d55da062bcadb386b411fd4fe4313a604fce6c17fbc
-+Ctrl.label = seed:master secret
-+Ctrl.client_random = hexseed:36c129d01a3200894b9179faac589d9835d58775f9b5ea3587cb8fd0364cae8c
-+Ctrl.server_random = hexseed:f6c9575ed7ddd73e1f7d16eca115415812a43c2b747daaaae043abfb50053fce
-+Output = 202c88c00f84a17a20027079604787461176455539e705be730890602c289a5001e34eeb3a043e5d52a65e66125188bf
-+Result = KDF_DERIVE_ERROR
-+
- FIPSversion = <=3.1.0
- KDF = TLS1-PRF
- Ctrl.digest = digest:SHA256
-diff --git a/test/sslapitest.c b/test/sslapitest.c
-index 169e3c7466..e67b5bb44c 100644
---- a/test/sslapitest.c
-+++ b/test/sslapitest.c
-@@ -574,7 +574,7 @@ static int test_client_cert_verify_cb(void)
- STACK_OF(X509) *server_chain;
- SSL_CTX *cctx = NULL, *sctx = NULL;
- SSL *clientssl = NULL, *serverssl = NULL;
-- int testresult = 0;
-+ int testresult = 0, status;
-
- if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(),
- TLS_client_method(), TLS1_VERSION, 0,
---
-2.41.0
-
diff --git a/0115-skip-quic-pairwise.patch b/0115-skip-quic-pairwise.patch
deleted file mode 100644
index 98bfae5..0000000
--- a/0115-skip-quic-pairwise.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 42ed594a3a905830374fb65cced431748f8c639c Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Thu, 4 Apr 2024 11:50:58 +0200
-Subject: [PATCH 45/50] 0115-skip-quic-pairwise.patch
-
-Patch-name: 0115-skip-quic-pairwise.patch
-Patch-id: 115
-Patch-status: |
- # Amend tests according to Fedora/RHEL code
----
- test/quicapitest.c | 4 +++-
- test/recipes/01-test_symbol_presence.t | 1 +
- test/recipes/30-test_pairwise_fail.t | 13 +++++++++++--
- 3 files changed, 15 insertions(+), 3 deletions(-)
-
-diff --git a/test/quicapitest.c b/test/quicapitest.c
-index 41cf0fc7a8..0fb7492700 100644
---- a/test/quicapitest.c
-+++ b/test/quicapitest.c
-@@ -2139,7 +2139,9 @@ int setup_tests(void)
- ADD_TEST(test_cipher_find);
- ADD_TEST(test_version);
- #if defined(DO_SSL_TRACE_TEST)
-- ADD_TEST(test_ssl_trace);
-+ if (is_fips == 0) {
-+ ADD_TEST(test_ssl_trace);
-+ }
- #endif
- ADD_TEST(test_quic_forbidden_apis_ctx);
- ADD_TEST(test_quic_forbidden_apis);
-diff --git a/test/recipes/30-test_pairwise_fail.t b/test/recipes/30-test_pairwise_fail.t
-index c837d48fb4..f06ef04b1a 100644
---- a/test/recipes/30-test_pairwise_fail.t
-+++ b/test/recipes/30-test_pairwise_fail.t
-@@ -9,7 +9,7 @@
- use strict;
- use warnings;
-
--use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file);
-+use OpenSSL::Test qw(:DEFAULT bldtop_dir srctop_file srctop_dir data_file with);
- use OpenSSL::Test::Utils;
-
- BEGIN {
-@@ -31,28 +31,37 @@ run(test(["fips_version_test", "-config", $provconf, ">=3.1.0"]),
- SKIP: {
- skip "Skip RSA test because of no rsa in this build", 1
- if disabled("rsa");
-+ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
-+ sub {
- ok(run(test(["pairwise_fail_test", "-config", $provconf,
- "-pairwise", "rsa"])),
- "fips provider rsa keygen pairwise failure test");
-+ });
- }
-
- SKIP: {
- skip "Skip EC test because of no ec in this build", 2
- if disabled("ec");
-+ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
-+ sub {
- ok(run(test(["pairwise_fail_test", "-config", $provconf,
- "-pairwise", "ec"])),
- "fips provider ec keygen pairwise failure test");
-+ });
-
- skip "FIPS provider version is too old", 1
- if !$fips_exit;
-+ with({ exit_checker => sub {my $val = shift; return $val == 134; } },
-+ sub {
- ok(run(test(["pairwise_fail_test", "-config", $provconf,
- "-pairwise", "eckat"])),
- "fips provider ec keygen kat failure test");
-+ });
- }
-
- SKIP: {
- skip "Skip DSA tests because of no dsa in this build", 2
-- if disabled("dsa");
-+ if 1; #if disabled("dsa");
- ok(run(test(["pairwise_fail_test", "-config", $provconf,
- "-pairwise", "dsa", "-dsaparam", data_file("dsaparam.pem")])),
- "fips provider dsa keygen pairwise failure test");
---
-2.44.0
-
diff --git a/0116-version-aliasing.patch b/0116-version-aliasing.patch
deleted file mode 100644
index 73f7981..0000000
--- a/0116-version-aliasing.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From a2673b5e2e95bcf54a1746bfd409cca688275e75 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:17 +0100
-Subject: [PATCH 46/49] 0116-version-aliasing.patch
-
-Patch-name: 0116-version-aliasing.patch
-Patch-id: 116
-Patch-status: |
- # Add version aliasing due to
- # https://github.com/openssl/openssl/issues/23534
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- crypto/evp/digest.c | 7 ++++++-
- crypto/evp/evp_enc.c | 7 ++++++-
- test/recipes/01-test_symbol_presence.t | 1 +
- util/libcrypto.num | 2 ++
- 4 files changed, 15 insertions(+), 2 deletions(-)
-
-diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
-index 42331703da..3a280acc0e 100644
---- a/crypto/evp/digest.c
-+++ b/crypto/evp/digest.c
-@@ -553,7 +553,12 @@ legacy:
- return ret;
- }
-
--EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in)
-+EVP_MD_CTX
-+#if !defined(FIPS_MODULE)
-+__attribute__ ((symver ("EVP_MD_CTX_dup@@OPENSSL_3.1.0"),
-+ symver ("EVP_MD_CTX_dup@OPENSSL_3.2.0")))
-+#endif
-+*EVP_MD_CTX_dup(const EVP_MD_CTX *in)
- {
- EVP_MD_CTX *out = EVP_MD_CTX_new();
-
-diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
-index e9faf31057..5a29b8dbb7 100644
---- a/crypto/evp/evp_enc.c
-+++ b/crypto/evp/evp_enc.c
-@@ -1444,7 +1444,12 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
- #endif /* FIPS_MODULE */
- }
-
--EVP_CIPHER_CTX *EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
-+EVP_CIPHER_CTX
-+#if !defined(FIPS_MODULE)
-+__attribute__ ((symver ("EVP_CIPHER_CTX_dup@@OPENSSL_3.1.0"),
-+ symver ("EVP_CIPHER_CTX_dup@OPENSSL_3.2.0")))
-+#endif
-+*EVP_CIPHER_CTX_dup(const EVP_CIPHER_CTX *in)
- {
- EVP_CIPHER_CTX *out = EVP_CIPHER_CTX_new();
-
-diff --git a/test/recipes/01-test_symbol_presence.t b/test/recipes/01-test_symbol_presence.t
-index 222b1886ae..7e2f65cccb 100644
---- a/test/recipes/01-test_symbol_presence.t
-+++ b/test/recipes/01-test_symbol_presence.t
-@@ -185,6 +185,8 @@ foreach (sort keys %stlibname) {
- }
- }
- my @duplicates = sort grep { $symbols{$_} > 1 } keys %symbols;
-+@duplicates = grep {($_ ne "OPENSSL_ia32cap_P") && ($_ ne "EVP_CIPHER_CTX_dup") && ($_ ne "EVP_MD_CTX_dup") } @duplicates;
-+@duplicates = grep {($_ ne "OPENSSL_strcasecmp") && ($_ ne "OPENSSL_strncasecmp") } @duplicates;
- if (@duplicates) {
- note "Duplicates:";
- note join('\n', @duplicates);
-diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 8046454025..068e9904e2 100644
---- a/util/libcrypto.num
-+++ b/util/libcrypto.num
-@@ -5435,7 +5435,9 @@ X509_PUBKEY_set0_public_key 5562 3_2_0 EXIST::FUNCTION:
- OSSL_STACK_OF_X509_free 5563 3_2_0 EXIST::FUNCTION:
- OSSL_trace_string 5564 3_2_0 EXIST::FUNCTION:
- EVP_MD_CTX_dup 5565 3_2_0 EXIST::FUNCTION:
-+EVP_MD_CTX_dup ? 3_1_0 EXIST::FUNCTION:
- EVP_CIPHER_CTX_dup 5566 3_2_0 EXIST::FUNCTION:
-+EVP_CIPHER_CTX_dup ? 3_1_0 EXIST::FUNCTION:
- BN_signed_bin2bn 5567 3_2_0 EXIST::FUNCTION:
- BN_signed_bn2bin 5568 3_2_0 EXIST::FUNCTION:
- BN_signed_lebin2bn 5569 3_2_0 EXIST::FUNCTION:
---
-2.44.0
-
diff --git a/0117-ignore-unknown-sigalgorithms-groups.patch b/0117-ignore-unknown-sigalgorithms-groups.patch
deleted file mode 100644
index dd40e11..0000000
--- a/0117-ignore-unknown-sigalgorithms-groups.patch
+++ /dev/null
@@ -1,318 +0,0 @@
-From 242c746690dd1d0e500fa554c60536877d77776d Mon Sep 17 00:00:00 2001
-From: Tomas Mraz <tomas@openssl.org>
-Date: Thu, 14 Dec 2023 17:08:56 +0100
-Subject: [PATCH 47/49] 0117-ignore-unknown-sigalgorithms-groups.patch
-
-Patch-name: 0117-ignore-unknown-sigalgorithms-groups.patch
-Patch-id: 117
-Patch-status: |
- # https://github.com/openssl/openssl/issues/23050
----
- CHANGES.md | 13 +++++++
- doc/man3/SSL_CTX_set1_curves.pod | 6 ++-
- doc/man3/SSL_CTX_set1_sigalgs.pod | 11 +++++-
- ssl/t1_lib.c | 56 +++++++++++++++++++++-------
- test/sslapitest.c | 61 +++++++++++++++++++++++++++++++
- 5 files changed, 132 insertions(+), 15 deletions(-)
-
-diff --git a/CHANGES.md b/CHANGES.md
-index ca29762ac2..4e21d0ddf9 100644
---- a/CHANGES.md
-+++ b/CHANGES.md
-@@ -27,6 +27,19 @@ OpenSSL 3.2
-
- ### Changes between 3.2.0 and 3.2.1 [30 Jan 2024]
-
-+ * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms
-+ config options and the respective calls to SSL[_CTX]_set1_sigalgs() and
-+ SSL[_CTX]_set1_client_sigalgs() that start with `?` character are
-+ ignored and the configuration will still be used.
-+
-+ Similarly unknown entries that start with `?` character in a TLS
-+ Groups config option or set with SSL[_CTX]_set1_groups_list() are ignored
-+ and the configuration will still be used.
-+
-+ In both cases if the resulting list is empty, an error is returned.
-+
-+ *Tomáš Mráz*
-+
- * A file in PKCS12 format can contain certificates and keys and may come from
- an untrusted source. The PKCS12 specification allows certain fields to be
- NULL, but OpenSSL did not correctly check for this case. A fix has been
-diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod
-index c26ef00306..f0566e148e 100644
---- a/doc/man3/SSL_CTX_set1_curves.pod
-+++ b/doc/man3/SSL_CTX_set1_curves.pod
-@@ -58,7 +58,8 @@ string B<list>. The string is a colon separated list of group names, for example
- are B<P-256>, B<P-384>, B<P-521>, B<X25519>, B<X448>, B<brainpoolP256r1tls13>,
- B<brainpoolP384r1tls13>, B<brainpoolP512r1tls13>, B<ffdhe2048>, B<ffdhe3072>,
- B<ffdhe4096>, B<ffdhe6144> and B<ffdhe8192>. Support for other groups may be
--added by external providers.
-+added by external providers. If a group name is preceded with the C<?>
-+character, it will be ignored if an implementation is missing.
-
- SSL_set1_groups() and SSL_set1_groups_list() are similar except they set
- supported groups for the SSL structure B<ssl>.
-@@ -142,6 +143,9 @@ The curve functions were added in OpenSSL 1.0.2. The equivalent group
- functions were added in OpenSSL 1.1.1. The SSL_get_negotiated_group() function
- was added in OpenSSL 3.0.0.
-
-+Support for ignoring unknown groups in SSL_CTX_set1_groups_list() and
-+SSL_set1_groups_list() was added in OpenSSL 3.3.
-+
- =head1 COPYRIGHT
-
- Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
-diff --git a/doc/man3/SSL_CTX_set1_sigalgs.pod b/doc/man3/SSL_CTX_set1_sigalgs.pod
-index eb31006346..5b7de7d956 100644
---- a/doc/man3/SSL_CTX_set1_sigalgs.pod
-+++ b/doc/man3/SSL_CTX_set1_sigalgs.pod
-@@ -33,7 +33,9 @@ signature algorithms for B<ctx> or B<ssl>. The B<str> parameter
- must be a null terminated string consisting of a colon separated list of
- elements, where each element is either a combination of a public key
- algorithm and a digest separated by B<+>, or a TLS 1.3-style named
--SignatureScheme such as rsa_pss_pss_sha256.
-+SignatureScheme such as rsa_pss_pss_sha256. If a list entry is preceded
-+with the C<?> character, it will be ignored if an implementation is missing.
-+
-
- SSL_CTX_set1_client_sigalgs(), SSL_set1_client_sigalgs(),
- SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list() set
-@@ -106,6 +108,13 @@ using a string:
- L<ssl(7)>, L<SSL_get_shared_sigalgs(3)>,
- L<SSL_CONF_CTX_new(3)>
-
-+=head1 HISTORY
-+
-+Support for ignoring unknown signature algorithms in
-+SSL_CTX_set1_sigalgs_list(), SSL_set1_sigalgs_list(),
-+SSL_CTX_set1_client_sigalgs_list() and SSL_set1_client_sigalgs_list()
-+was added in OpenSSL 3.3.
-+
- =head1 COPYRIGHT
-
- Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 056aae3863..fe680449c5 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -1052,9 +1052,15 @@ static int gid_cb(const char *elem, int len, void *arg)
- size_t i;
- uint16_t gid = 0;
- char etmp[GROUP_NAME_BUFFER_LENGTH];
-+ int ignore_unknown = 0;
-
- if (elem == NULL)
- return 0;
-+ if (elem[0] == '?') {
-+ ignore_unknown = 1;
-+ ++elem;
-+ --len;
-+ }
- if (garg->gidcnt == garg->gidmax) {
- uint16_t *tmp =
- OPENSSL_realloc(garg->gid_arr,
-@@ -1070,13 +1076,14 @@ static int gid_cb(const char *elem, int len, void *arg)
-
- gid = tls1_group_name2id(garg->ctx, etmp);
- if (gid == 0) {
-- ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
-- "group '%s' cannot be set", etmp);
-- return 0;
-+ /* Unknown group - ignore, if ignore_unknown */
-+ return ignore_unknown;
- }
- for (i = 0; i < garg->gidcnt; i++)
-- if (garg->gid_arr[i] == gid)
-- return 0;
-+ if (garg->gid_arr[i] == gid) {
-+ /* Duplicate group - ignore */
-+ return 1;
-+ }
- garg->gid_arr[garg->gidcnt++] = gid;
- return 1;
- }
-@@ -1097,6 +1104,11 @@ int tls1_set_groups_list(SSL_CTX *ctx, uint16_t **pext, size_t *pextlen,
- gcb.ctx = ctx;
- if (!CONF_parse_list(str, ':', 1, gid_cb, &gcb))
- goto end;
-+ if (gcb.gidcnt == 0) {
-+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
-+ "No valid groups in '%s'", str);
-+ goto end;
-+ }
- if (pext == NULL) {
- ret = 1;
- goto end;
-@@ -2905,8 +2917,15 @@ static int sig_cb(const char *elem, int len, void *arg)
- const SIGALG_LOOKUP *s;
- char etmp[TLS_MAX_SIGSTRING_LEN], *p;
- int sig_alg = NID_undef, hash_alg = NID_undef;
-+ int ignore_unknown = 0;
-+
- if (elem == NULL)
- return 0;
-+ if (elem[0] == '?') {
-+ ignore_unknown = 1;
-+ ++elem;
-+ --len;
-+ }
- if (sarg->sigalgcnt == TLS_MAX_SIGALGCNT)
- return 0;
- if (len > (int)(sizeof(etmp) - 1))
-@@ -2931,8 +2950,10 @@ static int sig_cb(const char *elem, int len, void *arg)
- break;
- }
- }
-- if (i == OSSL_NELEM(sigalg_lookup_tbl))
-- return 0;
-+ if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
-+ /* Ignore unknown algorithms if ignore_unknown */
-+ return ignore_unknown;
-+ }
- }
- } else {
- *p = 0;
-@@ -2940,8 +2961,10 @@ static int sig_cb(const char *elem, int len, void *arg)
- return 0;
- get_sigorhash(&sig_alg, &hash_alg, etmp);
- get_sigorhash(&sig_alg, &hash_alg, p);
-- if (sig_alg == NID_undef || hash_alg == NID_undef)
-- return 0;
-+ if (sig_alg == NID_undef || hash_alg == NID_undef) {
-+ /* Ignore unknown algorithms if ignore_unknown */
-+ return ignore_unknown;
-+ }
- for (i = 0, s = sigalg_lookup_tbl; i < OSSL_NELEM(sigalg_lookup_tbl);
- i++, s++) {
- if (s->hash == hash_alg && s->sig == sig_alg) {
-@@ -2949,15 +2972,17 @@ static int sig_cb(const char *elem, int len, void *arg)
- break;
- }
- }
-- if (i == OSSL_NELEM(sigalg_lookup_tbl))
-- return 0;
-+ if (i == OSSL_NELEM(sigalg_lookup_tbl)) {
-+ /* Ignore unknown algorithms if ignore_unknown */
-+ return ignore_unknown;
-+ }
- }
-
-- /* Reject duplicates */
-+ /* Ignore duplicates */
- for (i = 0; i < sarg->sigalgcnt - 1; i++) {
- if (sarg->sigalgs[i] == sarg->sigalgs[sarg->sigalgcnt - 1]) {
- sarg->sigalgcnt--;
-- return 0;
-+ return 1;
- }
- }
- return 1;
-@@ -2973,6 +2998,11 @@ int tls1_set_sigalgs_list(CERT *c, const char *str, int client)
- }
- if (!CONF_parse_list(str, ':', 1, sig_cb, &sig))
- return 0;
-+ if (sig.sigalgcnt == 0) {
-+ ERR_raise_data(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT,
-+ "No valid signature algorithms in '%s'", str);
-+ return 0;
-+ }
- if (c == NULL)
- return 1;
- return tls1_set_raw_sigalgs(c, sig.sigalgs, sig.sigalgcnt, client);
-diff --git a/test/sslapitest.c b/test/sslapitest.c
-index 1c14f93ed1..184a0f1055 100644
---- a/test/sslapitest.c
-+++ b/test/sslapitest.c
-@@ -39,6 +39,7 @@
- #include "testutil.h"
- #include "testutil/output.h"
- #include "internal/nelem.h"
-+#include "internal/tlsgroups.h"
- #include "internal/ktls.h"
- #include "../ssl/ssl_local.h"
- #include "../ssl/record/methods/recmethod_local.h"
-@@ -3147,6 +3148,7 @@ static const sigalgs_list testsigalgs[] = {
- {validlist3, OSSL_NELEM(validlist3), NULL, 1, 0},
- # endif
- {NULL, 0, "RSA+SHA256", 1, 1},
-+ {NULL, 0, "RSA+SHA256:?Invalid", 1, 1},
- # ifndef OPENSSL_NO_EC
- {NULL, 0, "RSA+SHA256:ECDSA+SHA512", 1, 1},
- {NULL, 0, "ECDSA+SHA512", 1, 0},
-@@ -9276,6 +9278,64 @@ static int test_servername(int tst)
- return testresult;
- }
-
-+static int test_unknown_sigalgs_groups(void)
-+{
-+ int ret = 0;
-+ SSL_CTX *ctx = NULL;
-+
-+ if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, TLS_server_method())))
-+ goto end;
-+
-+ if (!TEST_int_gt(SSL_CTX_set1_sigalgs_list(ctx,
-+ "RSA+SHA256:?nonexistent:?RSA+SHA512"),
-+ 0))
-+ goto end;
-+ if (!TEST_size_t_eq(ctx->cert->conf_sigalgslen, 2)
-+ || !TEST_int_eq(ctx->cert->conf_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256)
-+ || !TEST_int_eq(ctx->cert->conf_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512))
-+ goto end;
-+
-+ if (!TEST_int_gt(SSL_CTX_set1_client_sigalgs_list(ctx,
-+ "RSA+SHA256:?nonexistent:?RSA+SHA512"),
-+ 0))
-+ goto end;
-+ if (!TEST_size_t_eq(ctx->cert->client_sigalgslen, 2)
-+ || !TEST_int_eq(ctx->cert->client_sigalgs[0], TLSEXT_SIGALG_rsa_pkcs1_sha256)
-+ || !TEST_int_eq(ctx->cert->client_sigalgs[1], TLSEXT_SIGALG_rsa_pkcs1_sha512))
-+ goto end;
-+
-+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
-+ "nonexistent"),
-+ 0))
-+ goto end;
-+
-+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
-+ "?nonexistent1:?nonexistent2:?nonexistent3"),
-+ 0))
-+ goto end;
-+
-+#ifndef OPENSSL_NO_EC
-+ if (!TEST_int_le(SSL_CTX_set1_groups_list(ctx,
-+ "P-256:nonexistent"),
-+ 0))
-+ goto end;
-+
-+ if (!TEST_int_gt(SSL_CTX_set1_groups_list(ctx,
-+ "P-384:?nonexistent:?P-521"),
-+ 0))
-+ goto end;
-+ if (!TEST_size_t_eq(ctx->ext.supportedgroups_len, 2)
-+ || !TEST_int_eq(ctx->ext.supportedgroups[0], OSSL_TLS_GROUP_ID_secp384r1)
-+ || !TEST_int_eq(ctx->ext.supportedgroups[1], OSSL_TLS_GROUP_ID_secp521r1))
-+ goto end;
-+#endif
-+
-+ ret = 1;
-+ end:
-+ SSL_CTX_free(ctx);
-+ return ret;
-+}
-+
- #if !defined(OPENSSL_NO_EC) \
- && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
- /*
-@@ -11519,6 +11579,7 @@ int setup_tests(void)
- ADD_ALL_TESTS(test_multiblock_write, OSSL_NELEM(multiblock_cipherlist_data));
- #endif
- ADD_ALL_TESTS(test_servername, 10);
-+ ADD_TEST(test_unknown_sigalgs_groups);
- #if !defined(OPENSSL_NO_EC) \
- && (!defined(OSSL_NO_USABLE_TLS1_3) || !defined(OPENSSL_NO_TLS1_2))
- ADD_ALL_TESTS(test_sigalgs_available, 6);
---
-2.44.0
-
diff --git a/0120-Allow-disabling-of-SHA1-signatures.patch b/0120-Allow-disabling-of-SHA1-signatures.patch
deleted file mode 100644
index 813470d..0000000
--- a/0120-Allow-disabling-of-SHA1-signatures.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-From e30ce86ca436f042559c2228724b40cf43985314 Mon Sep 17 00:00:00 2001
-From: Clemens Lang <cllang@redhat.com>
-Date: Thu, 21 Mar 2024 19:10:57 +0100
-Subject: [PATCH] Instrument with USDT probes related to SHA-1 deprecation
-
-In order to discover remaining uses of SHA-1 in signatures without
-forcefully breaking the code paths, add USDT probes that can be queried
-with systemtap at runtime.
-
-This should allow identifying components that still use SHA-1 signatures
-in production so that they can be transitioned to more modern hash
-algorithms.
-
-Patch-name: 0120-Allow-disabling-of-SHA1-signatures.patch
-Patch-id: 120
-Patch-status: |
- # https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
-Submitted-by: Alexander Sosedkin <asosedkin@redhat.com>
----
- crypto/evp/m_sigver.c | 13 +++++++++----
- crypto/evp/pmeth_lib.c | 13 +++++++++----
- crypto/x509/x509_vfy.c | 6 +++++-
- providers/common/securitycheck.c | 22 +++++++++++++++-------
- providers/common/securitycheck_default.c | 13 +++++++++++--
- ssl/t1_lib.c | 8 +++++++-
- 7 files changed, 60 insertions(+), 20 deletions(-)
-
-diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
-index 3e9f33c26c..bebea9c5f6 100644
---- a/crypto/evp/m_sigver.c
-+++ b/crypto/evp/m_sigver.c
-@@ -17,6 +17,8 @@
- #include "evp_local.h"
- #include "crypto/context.h"
-
-+#include <sys/sdt.h>
-+
- typedef struct ossl_legacy_digest_signatures_st {
- int allowed;
- } OSSL_LEGACY_DIGEST_SIGNATURES;
-@@ -335,10 +337,13 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
- && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
- && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
- int mdnid = EVP_MD_nid(ctx->reqdigest);
-- if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
-- && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
-- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
-- goto err;
-+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
-+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)) {
-+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
-+ goto err;
-+ } else {
-+ DTRACE_PROBE1(libcrypto, fedora_do_sigver_init_1, mdnid);
-+ }
- }
- }
- #endif /* !defined(FIPS_MODULE) */
-diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
-index 248f655d0f..92f98c4c21 100644
---- a/crypto/evp/pmeth_lib.c
-+++ b/crypto/evp/pmeth_lib.c
-@@ -36,6 +36,8 @@
- #include "internal/sslconf.h"
- #include "evp_local.h"
-
-+#include <sys/sdt.h>
-+
- #ifndef FIPS_MODULE
-
- static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx,
-@@ -959,10 +961,13 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
- && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
- && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
- int mdnid = EVP_MD_nid(md);
-- if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
-- && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
-- ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
-- return -1;
-+ if (mdnid == NID_sha1 || mdnid == NID_md5_sha1) {
-+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
-+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
-+ return -1;
-+ } else {
-+ DTRACE_PROBE1(libcrypto, fedora_evp_pkey_ctx_set_md_1, mdnid);
-+ }
- }
- }
-
-diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
-index f635b5aec8..b061125291 100644
---- a/providers/common/securitycheck.c
-+++ b/providers/common/securitycheck.c
-@@ -21,6 +21,8 @@
- #include "prov/securitycheck.h"
- #include "internal/sslconf.h"
-
-+#include <sys/sdt.h>
-+
- /*
- * FIPS requires a minimum security strength of 112 bits (for encryption or
- * signing), and for legacy purposes 80 bits (for decryption or verifying).
-@@ -247,11 +249,14 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
- # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
-
- #ifndef FIPS_MODULE
-- if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
-- /* SHA1 is globally disabled, check whether we want to locally allow
-- * it. */
-- if (mdnid == NID_sha1 && !sha1_allowed)
-+ if (mdnid == NID_sha1 && !sha1_allowed) {
-+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
-+ /* SHA1 is globally disabled, check whether we want to locally allow
-+ * it. */
- mdnid = -1;
-+ else
-+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_get_approved_nid_with_sha1_1, mdnid);
-+ }
- #endif
-
- return mdnid;
-diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
-index 2ca7a59f39..13993b5eb1 100644
---- a/providers/common/securitycheck_default.c
-+++ b/providers/common/securitycheck_default.c
-@@ -17,6 +17,8 @@
- #include "internal/nelem.h"
- #include "internal/sslconf.h"
-
-+#include <sys/sdt.h>
-+
- /* Disable the security checks in the default provider */
- int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
- {
-@@ -46,9 +48,16 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
-
- ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
-+ if (mdnid == NID_sha1)
-+ /* This will only happen if SHA1 is allowed, otherwise mdnid is -1. */
-+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_1, mdnid);
- if (mdnid == NID_undef)
- mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
-- if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
-- mdnid = -1;
-+ if (mdnid == NID_md5_sha1) {
-+ if (ldsigs_allowed)
-+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_rsa_sign_get_md_nid_2, mdnid);
-+ else
-+ mdnid = -1;
-+ }
- return mdnid;
- }
---
-GitLab
-
diff --git a/0121-FIPS-cms-defaults.patch b/0121-FIPS-cms-defaults.patch
deleted file mode 100644
index 7add39d..0000000
--- a/0121-FIPS-cms-defaults.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From 097bcf136d444ee2383569e296b21ffc85f46e48 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <dbelyavs@redhat.com>
-Date: Thu, 4 Apr 2024 11:54:14 +0200
-Subject: [PATCH 50/50] 0121-FIPS-cms-defaults.patch
-
-Patch-name: 0121-FIPS-cms-defaults.patch
-Patch-id: 121
-Patch-status: |
- # From CentOS 9
----
- apps/cms.c | 11 ++++++++---
- crypto/cms/cms_env.c | 10 ++++++++++
- 2 files changed, 18 insertions(+), 3 deletions(-)
-
-diff --git a/apps/cms.c b/apps/cms.c
-index f93c98ac92..cd8dafe14f 100644
---- a/apps/cms.c
-+++ b/apps/cms.c
-@@ -20,6 +20,7 @@
- #include <openssl/x509_vfy.h>
- #include <openssl/x509v3.h>
- #include <openssl/cms.h>
-+#include <openssl/fips.h>
-
- static int save_certs(char *signerfile, STACK_OF(X509) *signers);
- static int cms_cb(int ok, X509_STORE_CTX *ctx);
-@@ -820,12 +821,16 @@ int cms_main(int argc, char **argv)
-
- if (operation == SMIME_ENCRYPT) {
- if (!cipher) {
-+ if (FIPS_mode()) {
-+ cipher = (EVP_CIPHER *)EVP_aes_128_cbc();
-+ } else {
- #ifndef OPENSSL_NO_DES
-- cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
-+ cipher = (EVP_CIPHER *)EVP_des_ede3_cbc();
- #else
-- BIO_printf(bio_err, "No cipher selected\n");
-- goto end;
-+ BIO_printf(bio_err, "No cipher selected\n");
-+ goto end;
- #endif
-+ }
- }
-
- if (secret_key && !secret_keyid) {
-diff --git a/crypto/cms/cms_env.c b/crypto/cms/cms_env.c
-index b877e10619..f50f930ec2 100644
---- a/crypto/cms/cms_env.c
-+++ b/crypto/cms/cms_env.c
-@@ -14,6 +14,7 @@
- #include <openssl/err.h>
- #include <openssl/cms.h>
- #include <openssl/evp.h>
-+#include <openssl/fips.h>
- #include "internal/sizes.h"
- #include "crypto/asn1.h"
- #include "crypto/evp.h"
-@@ -378,6 +379,10 @@ static int cms_RecipientInfo_ktri_init(CMS_RecipientInfo *ri, X509 *recip,
- return 0;
- if (EVP_PKEY_encrypt_init(ktri->pctx) <= 0)
- return 0;
-+ if (FIPS_mode()) {
-+ if (EVP_PKEY_CTX_ctrl_str(ktri->pctx, "rsa_padding_mode", "oaep") <= 0)
-+ return 0;
-+ }
- } else if (!ossl_cms_env_asn1_ctrl(ri, 0))
- return 0;
- return 1;
-@@ -543,6 +548,11 @@ static int cms_RecipientInfo_ktri_encrypt(const CMS_ContentInfo *cms,
-
- if (EVP_PKEY_encrypt_init(pctx) <= 0)
- goto err;
-+
-+ if (FIPS_mode()) {
-+ if (EVP_PKEY_CTX_ctrl_str(pctx, "rsa_padding_mode", "oaep") <= 0)
-+ goto err;
-+ }
- }
-
- if (EVP_PKEY_encrypt(pctx, NULL, &eklen, ec->key, ec->keylen) <= 0)
---
-2.44.0
-
diff --git a/0122-Assign-IANA-numbers-for-hybrid-PQ-KEX.patch b/0122-Assign-IANA-numbers-for-hybrid-PQ-KEX.patch
deleted file mode 100644
index ff99aa7..0000000
--- a/0122-Assign-IANA-numbers-for-hybrid-PQ-KEX.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 303b630a564aaf3dcb1e4e96d8fa396e7ad980e4 Mon Sep 17 00:00:00 2001
-From: Sahana Prasad <sahana@redhat.com>
-Date: Tue, 9 Jul 2024 12:29:04 +0200
-Subject: [PATCH 50/50] Assign IANA numbers for hybrid PQ KEX Porting the fix
- in https://github.com/openssl/openssl/pull/22803
-
-Signed-off-by: Sahana Prasad <sahana@redhat.com>
----
- ssl/t1_trce.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/ssl/t1_trce.c b/ssl/t1_trce.c
-index b05012f74f..29dce65e4f 100644
---- a/ssl/t1_trce.c
-+++ b/ssl/t1_trce.c
-@@ -545,6 +545,8 @@ static const ssl_trace_tbl ssl_groups_tbl[] = {
- {258, "ffdhe4096"},
- {259, "ffdhe6144"},
- {260, "ffdhe8192"},
-+ {25497, "X25519Kyber768Draft00"},
-+ {25498, "SecP256r1Kyber768Draft00"},
- {0xFF01, "arbitrary_explicit_prime_curves"},
- {0xFF02, "arbitrary_explicit_char2_curves"}
- };
---
-2.41.0
-
diff --git a/0124-PBMAC1-PKCS12-FIPS-support.patch b/0124-PBMAC1-PKCS12-FIPS-support.patch
deleted file mode 100644
index 6e1cc96..0000000
--- a/0124-PBMAC1-PKCS12-FIPS-support.patch
+++ /dev/null
@@ -1,1525 +0,0 @@
-From d959252c47af0eb0dd55bc032606901fedaf029b Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <beldmit@gmail.com>
-Date: Fri, 7 Jun 2024 14:37:57 +0200
-Subject: [PATCH 1/4] Implementation of the RFC 9579, PBMAC1 in PKCS#12
-
----
- apps/pkcs12.c | 63 ++++++--
- crypto/asn1/p5_pbev2.c | 7 +
- crypto/evp/digest.c | 54 +++++++
- crypto/pkcs12/p12_mutl.c | 296 ++++++++++++++++++++++++++++++++----
- include/crypto/evp.h | 3 +
- include/openssl/pkcs12.h.in | 3 +
- include/openssl/x509.h.in | 15 +-
- 7 files changed, 394 insertions(+), 47 deletions(-)
-
-diff --git a/apps/pkcs12.c b/apps/pkcs12.c
-index 54323a9713393..cbe133742a8be 100644
---- a/apps/pkcs12.c
-+++ b/apps/pkcs12.c
-@@ -70,7 +70,7 @@ typedef enum OPTION_choice {
- OPT_NAME, OPT_CSP, OPT_CANAME,
- OPT_IN, OPT_OUT, OPT_PASSIN, OPT_PASSOUT, OPT_PASSWORD, OPT_CAPATH,
- OPT_CAFILE, OPT_CASTORE, OPT_NOCAPATH, OPT_NOCAFILE, OPT_NOCASTORE, OPT_ENGINE,
-- OPT_R_ENUM, OPT_PROV_ENUM, OPT_JDKTRUST,
-+ OPT_R_ENUM, OPT_PROV_ENUM, OPT_JDKTRUST, OPT_PBMAC1_PBKDF2, OPT_PBMAC1_PBKDF2_MD,
- #ifndef OPENSSL_NO_DES
- OPT_LEGACY_ALG
- #endif
-@@ -147,6 +147,8 @@ const OPTIONS pkcs12_options[] = {
- #endif
- {"macalg", OPT_MACALG, 's',
- "Digest algorithm to use in MAC (default SHA256)"},
-+ {"pbmac1_pbkdf2", OPT_PBMAC1_PBKDF2, '-', "Use PBMAC1 with PBKDF2 instead of MAC"},
-+ {"pbmac1_pbkdf2_md", OPT_PBMAC1_PBKDF2_MD, 's', "Digest to use for PBMAC1 KDF (default SHA256)"},
- {"iter", OPT_ITER, 'p', "Specify the iteration count for encryption and MAC"},
- {"noiter", OPT_NOITER, '-', "Don't use encryption iteration"},
- {"nomaciter", OPT_NOMACITER, '-', "Don't use MAC iteration)"},
-@@ -170,14 +172,14 @@ int pkcs12_main(int argc, char **argv)
- int use_legacy = 0;
- #endif
- /* use library defaults for the iter, maciter, cert, and key PBE */
-- int iter = 0, maciter = 0;
-+ int iter = 0, maciter = 0, pbmac1_pbkdf2 = 0;
- int macsaltlen = PKCS12_SALT_LEN;
- int cert_pbe = NID_undef;
- int key_pbe = NID_undef;
- int ret = 1, macver = 1, add_lmk = 0, private = 0;
- int noprompt = 0;
- char *passinarg = NULL, *passoutarg = NULL, *passarg = NULL;
-- char *passin = NULL, *passout = NULL, *macalg = NULL;
-+ char *passin = NULL, *passout = NULL, *macalg = NULL, *pbmac1_pbkdf2_md = NULL;
- char *cpass = NULL, *mpass = NULL, *badpass = NULL;
- const char *CApath = NULL, *CAfile = NULL, *CAstore = NULL, *prog;
- int noCApath = 0, noCAfile = 0, noCAstore = 0;
-@@ -283,6 +285,12 @@ int pkcs12_main(int argc, char **argv)
- case OPT_MACALG:
- macalg = opt_arg();
- break;
-+ case OPT_PBMAC1_PBKDF2:
-+ pbmac1_pbkdf2 = 1;
-+ break;
-+ case OPT_PBMAC1_PBKDF2_MD:
-+ pbmac1_pbkdf2_md = opt_arg();
-+ break;
- case OPT_CERTPBE:
- if (!set_pbe(&cert_pbe, opt_arg()))
- goto opthelp;
-@@ -700,10 +708,20 @@ int pkcs12_main(int argc, char **argv)
- }
-
- if (maciter != -1) {
-- if (!PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)) {
-- BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n");
-- BIO_printf(bio_err, "Use -nomac if MAC not required and PKCS12KDF support not available.\n");
-- goto export_end;
-+ if (pbmac1_pbkdf2 == 1) {
-+ if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL,
-+ macsaltlen, maciter,
-+ macmd, pbmac1_pbkdf2_md)) {
-+ BIO_printf(bio_err, "Error creating PBMAC1\n");
-+ goto export_end;
-+ }
-+ } else {
-+ if (!PKCS12_set_mac(p12, mpass, -1, NULL, macsaltlen, maciter, macmd)) {
-+ BIO_printf(bio_err, "Error creating PKCS12 MAC; no PKCS12KDF support?\n");
-+ BIO_printf(bio_err,
-+ "Use -nomac or -pbmac1_pbkdf2 if PKCS12KDF support not available\n");
-+ goto export_end;
-+ }
- }
- }
- assert(private);
-@@ -774,23 +792,54 @@ int pkcs12_main(int argc, char **argv)
- X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
- BIO_puts(bio_err, "MAC: ");
- i2a_ASN1_OBJECT(bio_err, macobj);
-- BIO_printf(bio_err, ", Iteration %ld\n",
-- tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
-- BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
-- tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
-- tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
-+ if (OBJ_obj2nid(macobj) == NID_pbmac1) {
-+ PBKDF2PARAM *pbkdf2_param = PBMAC1_get1_pbkdf2_param(macalgid);
-+
-+ if (pbkdf2_param == NULL) {
-+ BIO_printf(bio_err, ", Unsupported KDF or params for PBMAC1\n");
-+ } else {
-+ const ASN1_OBJECT *prfobj;
-+
-+ BIO_printf(bio_err, " using PBKDF2, Iteration %ld\n",
-+ ASN1_INTEGER_get(pbkdf2_param->iter));
-+ BIO_printf(bio_err, "Key length: %ld, Salt length: %d\n",
-+ ASN1_INTEGER_get(pbkdf2_param->keylength),
-+ ASN1_STRING_length(pbkdf2_param->salt->value.octet_string));
-+ X509_ALGOR_get0(&prfobj, NULL, NULL, pbkdf2_param->prf);
-+ BIO_printf(bio_err, "PBKDF2 PRF: ");
-+ i2a_ASN1_OBJECT(bio_err, prfobj);
-+ BIO_printf(bio_err, "\n");
-+ }
-+ PBKDF2PARAM_free(pbkdf2_param);
-+ } else {
-+ BIO_printf(bio_err, ", Iteration %ld\n",
-+ tmaciter != NULL ? ASN1_INTEGER_get(tmaciter) : 1L);
-+ BIO_printf(bio_err, "MAC length: %ld, salt length: %ld\n",
-+ tmac != NULL ? ASN1_STRING_length(tmac) : 0L,
-+ tsalt != NULL ? ASN1_STRING_length(tsalt) : 0L);
-+ }
- }
-+
- if (macver) {
-- EVP_KDF *pkcs12kdf;
-+ const X509_ALGOR *macalgid;
-+ const ASN1_OBJECT *macobj;
-
-- pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF",
-- app_get0_propq());
-- if (pkcs12kdf == NULL) {
-- BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n");
-- BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n");
-- goto end;
-+ PKCS12_get0_mac(NULL, &macalgid, NULL, NULL, p12);
-+ X509_ALGOR_get0(&macobj, NULL, NULL, macalgid);
-+
-+ if (OBJ_obj2nid(macobj) != NID_pbmac1) {
-+ EVP_KDF *pkcs12kdf;
-+
-+ pkcs12kdf = EVP_KDF_fetch(app_get0_libctx(), "PKCS12KDF",
-+ app_get0_propq());
-+ if (pkcs12kdf == NULL) {
-+ BIO_printf(bio_err, "Error verifying PKCS12 MAC; no PKCS12KDF support.\n");
-+ BIO_printf(bio_err, "Use -nomacver if MAC verification is not required.\n");
-+ goto end;
-+ }
-+ EVP_KDF_free(pkcs12kdf);
- }
-- EVP_KDF_free(pkcs12kdf);
-+
- /* If we enter empty password try no password first */
- if (!mpass[0] && PKCS12_verify_mac(p12, NULL, 0)) {
- /* If mac and crypto pass the same set it to NULL too */
-diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c
-index 8575d05bf6d5a..c22cc6b77075d 100644
---- a/crypto/asn1/p5_pbev2.c
-+++ b/crypto/asn1/p5_pbev2.c
-@@ -35,6 +35,13 @@ ASN1_SEQUENCE(PBKDF2PARAM) = {
-
- IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM)
-
-+ASN1_SEQUENCE(PBMAC1PARAM) = {
-+ ASN1_SIMPLE(PBMAC1PARAM, keyDerivationFunc, X509_ALGOR),
-+ ASN1_SIMPLE(PBMAC1PARAM, messageAuthScheme, X509_ALGOR)
-+} ASN1_SEQUENCE_END(PBMAC1PARAM)
-+
-+IMPLEMENT_ASN1_FUNCTIONS(PBMAC1PARAM)
-+
- /*
- * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: yes I know
- * this is horrible! Extended version to allow application supplied PRF NID
-diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c
-index 18a64329b7a35..a74e2fa42c5bb 100644
---- a/crypto/evp/digest.c
-+++ b/crypto/evp/digest.c
-@@ -20,6 +20,7 @@
- #include <openssl/params.h>
- #include <openssl/core_names.h>
- #include "internal/cryptlib.h"
-+#include "internal/nelem.h"
- #include "internal/provider.h"
- #include "internal/core.h"
- #include "crypto/evp.h"
-@@ -1185,3 +1186,56 @@ void EVP_MD_do_all_provided(OSSL_LIB_CTX *libctx,
- (void (*)(void *, void *))fn, arg,
- evp_md_from_algorithm, evp_md_up_ref, evp_md_free);
- }
-+
-+typedef struct {
-+ int md_nid;
-+ int hmac_nid;
-+} ossl_hmacmd_pair;
-+
-+static const ossl_hmacmd_pair ossl_hmacmd_pairs[] = {
-+ {NID_sha1, NID_hmacWithSHA1},
-+ {NID_md5, NID_hmacWithMD5},
-+ {NID_sha224, NID_hmacWithSHA224},
-+ {NID_sha256, NID_hmacWithSHA256},
-+ {NID_sha384, NID_hmacWithSHA384},
-+ {NID_sha512, NID_hmacWithSHA512},
-+ {NID_id_GostR3411_94, NID_id_HMACGostR3411_94},
-+ {NID_id_GostR3411_2012_256, NID_id_tc26_hmac_gost_3411_2012_256},
-+ {NID_id_GostR3411_2012_512, NID_id_tc26_hmac_gost_3411_2012_512},
-+ {NID_sha3_224, NID_hmac_sha3_224},
-+ {NID_sha3_256, NID_hmac_sha3_256},
-+ {NID_sha3_384, NID_hmac_sha3_384},
-+ {NID_sha3_512, NID_hmac_sha3_512},
-+ {NID_sha512_224, NID_hmacWithSHA512_224},
-+ {NID_sha512_256, NID_hmacWithSHA512_256}
-+};
-+
-+int ossl_hmac2mdnid(int hmac_nid)
-+{
-+ int md_nid = NID_undef;
-+ size_t i;
-+
-+ for (i = 0; i < OSSL_NELEM(ossl_hmacmd_pairs); i++) {
-+ if (ossl_hmacmd_pairs[i].hmac_nid == hmac_nid) {
-+ md_nid = ossl_hmacmd_pairs[i].md_nid;
-+ break;
-+ }
-+ }
-+
-+ return md_nid;
-+}
-+
-+int ossl_md2hmacnid(int md_nid)
-+{
-+ int hmac_nid = NID_undef;
-+ size_t i;
-+
-+ for (i = 0; i < OSSL_NELEM(ossl_hmacmd_pairs); i++) {
-+ if (ossl_hmacmd_pairs[i].md_nid == md_nid) {
-+ hmac_nid = ossl_hmacmd_pairs[i].hmac_nid;
-+ break;
-+ }
-+ }
-+
-+ return hmac_nid;
-+}
-diff --git a/crypto/pkcs12/p12_mutl.c b/crypto/pkcs12/p12_mutl.c
-index 4091e61d9dd06..d410978a49e1e 100644
---- a/crypto/pkcs12/p12_mutl.c
-+++ b/crypto/pkcs12/p12_mutl.c
-@@ -15,12 +15,19 @@
-
- #include <stdio.h>
- #include "internal/cryptlib.h"
-+#include "crypto/evp.h"
- #include <openssl/crypto.h>
- #include <openssl/hmac.h>
- #include <openssl/rand.h>
- #include <openssl/pkcs12.h>
- #include "p12_local.h"
-
-+static int pkcs12_pbmac1_pbkdf2_key_gen(const char *pass, int passlen,
-+ unsigned char *salt, int saltlen,
-+ int id, int iter, int keylen,
-+ unsigned char *out,
-+ const EVP_MD *md_type);
-+
- int PKCS12_mac_present(const PKCS12 *p12)
- {
- return p12->mac ? 1 : 0;
-@@ -72,9 +79,76 @@ static int pkcs12_gen_gost_mac_key(const char *pass, int passlen,
- return 1;
- }
-
--/* Generate a MAC */
-+PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg)
-+{
-+ PBMAC1PARAM *param = NULL;
-+ PBKDF2PARAM *pbkdf2_param = NULL;
-+ const ASN1_OBJECT *kdf_oid;
-+
-+ param = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), macalg->parameter);
-+ if (param == NULL) {
-+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_INVALID_ARGUMENT);
-+ return NULL;
-+ }
-+
-+ X509_ALGOR_get0(&kdf_oid, NULL, NULL, param->keyDerivationFunc);
-+ if (OBJ_obj2nid(kdf_oid) != NID_id_pbkdf2) {
-+ ERR_raise(ERR_LIB_PKCS12, ERR_R_PASSED_INVALID_ARGUMENT);
-+ PBMAC1PARAM_free(param);
-+ return NULL;
-+ }
-+
-+ pbkdf2_param = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBKDF2PARAM),
-+ param->keyDerivationFunc->parameter);
-+ PBMAC1PARAM_free(param);
-+
-+ return pbkdf2_param;
-+}
-+
-+static int PBMAC1_PBKDF2_HMAC(OSSL_LIB_CTX *ctx, const char *propq,
-+ const char *pass, int passlen,
-+ const X509_ALGOR *macalg, unsigned char *key)
-+{
-+ PBKDF2PARAM *pbkdf2_param = NULL;
-+ const ASN1_OBJECT *kdf_hmac_oid;
-+ int ret = -1;
-+ int keylen = 0;
-+ EVP_MD *kdf_md = NULL;
-+ const ASN1_OCTET_STRING *pbkdf2_salt = NULL;
-+
-+ pbkdf2_param = PBMAC1_get1_pbkdf2_param(macalg);
-+ if (pbkdf2_param == NULL) {
-+ ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED);
-+ goto err;
-+ }
-+ keylen = ASN1_INTEGER_get(pbkdf2_param->keylength);
-+ pbkdf2_salt = pbkdf2_param->salt->value.octet_string;
-+ X509_ALGOR_get0(&kdf_hmac_oid, NULL, NULL, pbkdf2_param->prf);
-+
-+ kdf_md = EVP_MD_fetch(ctx, OBJ_nid2sn(ossl_hmac2mdnid(OBJ_obj2nid(kdf_hmac_oid))), propq);
-+ if (kdf_md == NULL) {
-+ ERR_raise(ERR_LIB_PKCS12, ERR_R_FETCH_FAILED);
-+ goto err;
-+ }
-+
-+ if (PKCS5_PBKDF2_HMAC(pass, passlen, pbkdf2_salt->data, pbkdf2_salt->length,
-+ ASN1_INTEGER_get(pbkdf2_param->iter), kdf_md, keylen, key) <= 0) {
-+ ERR_raise(ERR_LIB_PKCS12, ERR_R_INTERNAL_ERROR);
-+ goto err;
-+ }
-+ ret = keylen;
-+
-+ err:
-+ EVP_MD_free(kdf_md);
-+ PBKDF2PARAM_free(pbkdf2_param);
-+
-+ return ret;
-+}
-+
-+/* Generate a MAC, also used for verification */
- static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen,
-+ int pbmac1_md_nid, int pbmac1_kdf_nid,
- int (*pkcs12_key_gen)(const char *pass, int passlen,
- unsigned char *salt, int slen,
- int id, int iter, int n,
-@@ -88,8 +162,8 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char key[EVP_MAX_MD_SIZE], *salt;
- int saltlen, iter;
- char md_name[80];
-- int md_size = 0;
-- int md_nid;
-+ int keylen = 0;
-+ int md_nid = NID_undef;
- const X509_ALGOR *macalg;
- const ASN1_OBJECT *macoid;
-
-@@ -111,9 +185,13 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- iter = ASN1_INTEGER_get(p12->mac->iter);
- X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
- X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
-- if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0)
-- return 0;
--
-+ if (OBJ_obj2nid(macoid) == NID_pbmac1) {
-+ if (OBJ_obj2txt(md_name, sizeof(md_name), OBJ_nid2obj(pbmac1_md_nid), 0) < 0)
-+ return 0;
-+ } else {
-+ if (OBJ_obj2txt(md_name, sizeof(md_name), macoid, 0) < 0)
-+ return 0;
-+ }
- (void)ERR_set_mark();
- md = md_fetch = EVP_MD_fetch(p12->authsafes->ctx.libctx, md_name,
- p12->authsafes->ctx.propq);
-@@ -127,40 +205,61 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- }
- (void)ERR_pop_to_mark();
-
-- md_size = EVP_MD_get_size(md);
-+ keylen = EVP_MD_get_size(md);
- md_nid = EVP_MD_get_type(md);
-- if (md_size < 0)
-+ if (keylen < 0)
- goto err;
-- if ((md_nid == NID_id_GostR3411_94
-- || md_nid == NID_id_GostR3411_2012_256
-- || md_nid == NID_id_GostR3411_2012_512)
-- && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) {
-- md_size = TK26_MAC_KEY_LEN;
-+
-+ /* For PBMAC1 we use a special keygen callback if not provided (e.g. on verification) */
-+ if (pbmac1_md_nid != NID_undef && pkcs12_key_gen == NULL) {
-+ keylen = PBMAC1_PBKDF2_HMAC(p12->authsafes->ctx.libctx, p12->authsafes->ctx.propq,
-+ pass, passlen, macalg, key);
-+ if (keylen < 0)
-+ goto err;
-+ } else if ((md_nid == NID_id_GostR3411_94
-+ || md_nid == NID_id_GostR3411_2012_256
-+ || md_nid == NID_id_GostR3411_2012_512)
-+ && ossl_safe_getenv("LEGACY_GOST_PKCS12") == NULL) {
-+ keylen = TK26_MAC_KEY_LEN;
- if (!pkcs12_gen_gost_mac_key(pass, passlen, salt, saltlen, iter,
-- md_size, key, md)) {
-+ keylen, key, md)) {
- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR);
- goto err;
- }
- } else {
-+ EVP_MD *hmac_md = (EVP_MD *)md;
-+ int fetched = 0;
-+
-+ if (pbmac1_kdf_nid != NID_undef) {
-+ char hmac_md_name[128];
-+
-+ if (OBJ_obj2txt(hmac_md_name, sizeof(hmac_md_name), OBJ_nid2obj(pbmac1_kdf_nid), 0) < 0)
-+ goto err;
-+ hmac_md = EVP_MD_fetch(NULL, hmac_md_name, NULL);
-+ fetched = 1;
-+ }
- if (pkcs12_key_gen != NULL) {
-- if (!(*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
-- iter, md_size, key, md)) {
-+ int res = (*pkcs12_key_gen)(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
-+ iter, keylen, key, hmac_md);
-+
-+ if (fetched)
-+ EVP_MD_free(hmac_md);
-+ if (res != 1) {
- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR);
- goto err;
- }
- } else {
- /* Default to UTF-8 password */
- if (!PKCS12_key_gen_utf8_ex(pass, passlen, salt, saltlen, PKCS12_MAC_ID,
-- iter, md_size, key, md,
-- p12->authsafes->ctx.libctx,
-- p12->authsafes->ctx.propq)) {
-+ iter, keylen, key, md,
-+ p12->authsafes->ctx.libctx, p12->authsafes->ctx.propq)) {
- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_KEY_GEN_ERROR);
- goto err;
- }
- }
- }
- if ((hmac = HMAC_CTX_new()) == NULL
-- || !HMAC_Init_ex(hmac, key, md_size, md, NULL)
-+ || !HMAC_Init_ex(hmac, key, keylen, md, NULL)
- || !HMAC_Update(hmac, p12->authsafes->d.data->data,
- p12->authsafes->d.data->length)
- || !HMAC_Final(hmac, mac, maclen)) {
-@@ -178,7 +277,7 @@ static int pkcs12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *mac, unsigned int *maclen)
- {
-- return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NULL);
-+ return pkcs12_gen_mac(p12, pass, passlen, mac, maclen, NID_undef, NID_undef, NULL);
- }
-
- /* Verify the mac */
-@@ -187,14 +286,40 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
- unsigned char mac[EVP_MAX_MD_SIZE];
- unsigned int maclen;
- const ASN1_OCTET_STRING *macoct;
-+ const X509_ALGOR *macalg;
-+ const ASN1_OBJECT *macoid;
-
- if (p12->mac == NULL) {
- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_ABSENT);
- return 0;
- }
-- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NULL)) {
-- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR);
-- return 0;
-+
-+ X509_SIG_get0(p12->mac->dinfo, &macalg, NULL);
-+ X509_ALGOR_get0(&macoid, NULL, NULL, macalg);
-+ if (OBJ_obj2nid(macoid) == NID_pbmac1) {
-+ PBMAC1PARAM *param = NULL;
-+ const ASN1_OBJECT *hmac_oid;
-+ int md_nid = NID_undef;
-+
-+ param = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), macalg->parameter);
-+ if (param == NULL) {
-+ ERR_raise(ERR_LIB_PKCS12, ERR_R_UNSUPPORTED);
-+ return 0;
-+ }
-+ X509_ALGOR_get0(&hmac_oid, NULL, NULL, param->messageAuthScheme);
-+ md_nid = ossl_hmac2mdnid(OBJ_obj2nid(hmac_oid));
-+
-+ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, md_nid, NID_undef, NULL)) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR);
-+ PBMAC1PARAM_free(param);
-+ return 0;
-+ }
-+ PBMAC1PARAM_free(param);
-+ } else {
-+ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NID_undef, NID_undef, NULL)) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR);
-+ return 0;
-+ }
- }
- X509_SIG_get0(p12->mac->dinfo, NULL, &macoct);
- if ((maclen != (unsigned int)ASN1_STRING_length(macoct))
-@@ -205,7 +330,6 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen)
- }
-
- /* Set a mac */
--
- int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- const EVP_MD *md_type)
-@@ -226,7 +350,7 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
- /*
- * Note that output mac is forced to UTF-8...
- */
-- if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NULL)) {
-+ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen, NID_undef, NID_undef, NULL)) {
- ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR);
- return 0;
- }
-@@ -238,9 +362,18 @@ int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
- return 1;
- }
-
--/* Set up a mac structure */
--int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
-- const EVP_MD *md_type)
-+static int pkcs12_pbmac1_pbkdf2_key_gen(const char *pass, int passlen,
-+ unsigned char *salt, int saltlen,
-+ int id, int iter, int keylen,
-+ unsigned char *out,
-+ const EVP_MD *md_type)
-+{
-+ return PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter,
-+ md_type, keylen, out);
-+}
-+
-+static int pkcs12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
-+ int nid)
- {
- X509_ALGOR *macalg;
-
-@@ -274,11 +407,112 @@ int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
- memcpy(p12->mac->salt->data, salt, saltlen);
- }
- X509_SIG_getm(p12->mac->dinfo, &macalg, NULL);
-- if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(EVP_MD_get_type(md_type)),
-- V_ASN1_NULL, NULL)) {
-+ if (!X509_ALGOR_set0(macalg, OBJ_nid2obj(nid), V_ASN1_NULL, NULL)) {
- ERR_raise(ERR_LIB_PKCS12, ERR_R_ASN1_LIB);
- return 0;
- }
-
- return 1;
- }
-+
-+/* Set up a mac structure */
-+int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, int saltlen,
-+ const EVP_MD *md_type)
-+{
-+ return pkcs12_setup_mac(p12, iter, salt, saltlen, EVP_MD_get_type(md_type));
-+}
-+
-+int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
-+ unsigned char *salt, int saltlen, int iter,
-+ const EVP_MD *md_type, const char *prf_md_name)
-+{
-+ unsigned char mac[EVP_MAX_MD_SIZE];
-+ unsigned int maclen;
-+ ASN1_OCTET_STRING *macoct;
-+ X509_ALGOR *alg = NULL;
-+ int ret = 0;
-+ int prf_md_nid = NID_undef, prf_nid = NID_undef, hmac_nid;
-+ unsigned char *known_salt = NULL;
-+ int keylen = 0;
-+ PBMAC1PARAM *param = NULL;
-+ X509_ALGOR *hmac_alg = NULL, *macalg = NULL;
-+
-+ if (md_type == NULL)
-+ /* No need to do a fetch as the md_type is used only to get a NID */
-+ md_type = EVP_sha256();
-+
-+ if (prf_md_name == NULL)
-+ prf_md_nid = EVP_MD_get_type(md_type);
-+ else
-+ prf_md_nid = OBJ_txt2nid(prf_md_name);
-+
-+ if (iter == 0)
-+ iter = PKCS12_DEFAULT_ITER;
-+
-+ keylen = EVP_MD_get_size(md_type);
-+
-+ prf_nid = ossl_md2hmacnid(prf_md_nid);
-+ hmac_nid = ossl_md2hmacnid(EVP_MD_get_type(md_type));
-+
-+ if (prf_nid == NID_undef || hmac_nid == NID_undef) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_UNKNOWN_DIGEST_ALGORITHM);
-+ goto err;
-+ }
-+
-+ if (salt == NULL) {
-+ known_salt = OPENSSL_malloc(saltlen);
-+ if (known_salt == NULL)
-+ goto err;
-+
-+ if (RAND_bytes_ex(NULL, known_salt, saltlen, 0) <= 0) {
-+ ERR_raise(ERR_LIB_PKCS12, ERR_R_RAND_LIB);
-+ goto err;
-+ }
-+ }
-+
-+ param = PBMAC1PARAM_new();
-+ hmac_alg = X509_ALGOR_new();
-+ alg = PKCS5_pbkdf2_set(iter, salt ? salt : known_salt, saltlen, prf_nid, keylen);
-+ if (param == NULL || hmac_alg == NULL || alg == NULL)
-+ goto err;
-+
-+ if (pkcs12_setup_mac(p12, iter, salt ? salt : known_salt, saltlen,
-+ NID_pbmac1) == PKCS12_ERROR) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR);
-+ goto err;
-+ }
-+
-+ if (!X509_ALGOR_set0(hmac_alg, OBJ_nid2obj(hmac_nid), V_ASN1_NULL, NULL)) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_SETUP_ERROR);
-+ goto err;
-+ }
-+
-+ X509_ALGOR_free(param->keyDerivationFunc);
-+ X509_ALGOR_free(param->messageAuthScheme);
-+ param->keyDerivationFunc = alg;
-+ param->messageAuthScheme = hmac_alg;
-+
-+ X509_SIG_getm(p12->mac->dinfo, &macalg, &macoct);
-+ if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), param, &macalg->parameter))
-+ goto err;
-+
-+ /*
-+ * Note that output mac is forced to UTF-8...
-+ */
-+ if (!pkcs12_gen_mac(p12, pass, passlen, mac, &maclen,
-+ EVP_MD_get_type(md_type), prf_md_nid,
-+ pkcs12_pbmac1_pbkdf2_key_gen)) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_GENERATION_ERROR);
-+ goto err;
-+ }
-+ if (!ASN1_OCTET_STRING_set(macoct, mac, maclen)) {
-+ ERR_raise(ERR_LIB_PKCS12, PKCS12_R_MAC_STRING_SET_ERROR);
-+ goto err;
-+ }
-+ ret = 1;
-+
-+ err:
-+ PBMAC1PARAM_free(param);
-+ OPENSSL_free(known_salt);
-+ return ret;
-+}
-diff --git a/include/crypto/evp.h b/include/crypto/evp.h
-index 32c60f223c78c..72d9995e8f0f4 100644
---- a/include/crypto/evp.h
-+++ b/include/crypto/evp.h
-@@ -964,4 +964,7 @@ int evp_pkey_decrypt_alloc(EVP_PKEY_CTX *ctx, unsigned char **outp,
- size_t *outlenp, size_t expected_outlen,
- const unsigned char *in, size_t inlen);
-
-+int ossl_md2hmacnid(int mdnid);
-+int ossl_hmac2mdnid(int hmac_nid);
-+
- #endif /* OSSL_CRYPTO_EVP_H */
-diff --git a/include/openssl/pkcs12.h.in b/include/openssl/pkcs12.h.in
-index 35759d4deadc3..ab62207e49b55 100644
---- a/include/openssl/pkcs12.h.in
-+++ b/include/openssl/pkcs12.h.in
-@@ -269,6 +269,9 @@ int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen);
- int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- const EVP_MD *md_type);
-+int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
-+ unsigned char *salt, int saltlen, int iter,
-+ const EVP_MD *md_type, const char *prf_md_name);
- int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
- int saltlen, const EVP_MD *md_type);
- unsigned char *OPENSSL_asc2uni(const char *asc, int asclen,
-diff --git a/include/openssl/x509.h.in b/include/openssl/x509.h.in
-index 99bc4aab29133..b7f080a5360db 100644
---- a/include/openssl/x509.h.in
-+++ b/include/openssl/x509.h.in
-@@ -279,7 +279,12 @@ typedef struct PBKDF2PARAM_st {
- X509_ALGOR *prf;
- } PBKDF2PARAM;
-
--#ifndef OPENSSL_NO_SCRYPT
-+typedef struct {
-+ X509_ALGOR *keyDerivationFunc;
-+ X509_ALGOR *messageAuthScheme;
-+} PBMAC1PARAM;
-+
-+# ifndef OPENSSL_NO_SCRYPT
- typedef struct SCRYPT_PARAMS_st {
- ASN1_OCTET_STRING *salt;
- ASN1_INTEGER *costParameter;
-@@ -287,7 +292,7 @@ typedef struct SCRYPT_PARAMS_st {
- ASN1_INTEGER *parallelizationParameter;
- ASN1_INTEGER *keyLength;
- } SCRYPT_PARAMS;
--#endif
-+# endif
-
- #ifdef __cplusplus
- }
-@@ -1023,9 +1028,10 @@ X509 *X509_find_by_subject(STACK_OF(X509) *sk, const X509_NAME *name);
- DECLARE_ASN1_FUNCTIONS(PBEPARAM)
- DECLARE_ASN1_FUNCTIONS(PBE2PARAM)
- DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM)
--#ifndef OPENSSL_NO_SCRYPT
-+DECLARE_ASN1_FUNCTIONS(PBMAC1PARAM)
-+# ifndef OPENSSL_NO_SCRYPT
- DECLARE_ASN1_FUNCTIONS(SCRYPT_PARAMS)
--#endif
-+# endif
-
- int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
- const unsigned char *salt, int saltlen);
-@@ -1062,6 +1068,7 @@ X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen,
- int prf_nid, int keylen,
- OSSL_LIB_CTX *libctx);
-
-+PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg);
- /* PKCS#8 utilities */
-
- DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO)
-
-From 29d98a8287d217b2232344056934d3cd2c6f44a3 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <beldmit@gmail.com>
-Date: Fri, 7 Jun 2024 14:38:40 +0200
-Subject: [PATCH 2/4] Implementation of the RFC 9579, PBMAC1 in PKCS#12 -
- documentation
-
----
- doc/man1/openssl-pkcs12.pod.in | 11 +++++++
- doc/man3/PBMAC1_get1_pbkdf2_param.pod | 46 +++++++++++++++++++++++++++
- doc/man3/PKCS12_gen_mac.pod | 37 ++++++++++++++++-----
- doc/man3/X509_dup.pod | 3 ++
- doc/man3/d2i_X509.pod | 2 ++
- util/missingcrypto.txt | 1 -
- util/missingcrypto111.txt | 1 -
- 7 files changed, 91 insertions(+), 10 deletions(-)
- create mode 100644 doc/man3/PBMAC1_get1_pbkdf2_param.pod
-
-diff --git a/doc/man1/openssl-pkcs12.pod.in b/doc/man1/openssl-pkcs12.pod.in
-index 665b22bb644ac..020543cd5c895 100644
---- a/doc/man1/openssl-pkcs12.pod.in
-+++ b/doc/man1/openssl-pkcs12.pod.in
-@@ -62,6 +62,8 @@ PKCS#12 output (export) options:
- [B<-certpbe> I<cipher>]
- [B<-descert>]
- [B<-macalg> I<digest>]
-+[B<-pbmac1_pbkdf2>]
-+[B<-pbmac1_pbkdf2_md> I<digest>]
- [B<-iter> I<count>]
- [B<-noiter>]
- [B<-nomaciter>]
-@@ -345,6 +347,15 @@ then both, the private key and the certificates are encrypted using triple DES.
-
- Specify the MAC digest algorithm. If not included SHA256 will be used.
-
-+=item B<-pbmac1_pbkdf2>
-+
-+Use PBMAC1 with PBKDF2 for MAC protection of the PKCS#12 file.
-+
-+=item B<-pbmac1_pbkdf2_md> I<digest>
-+
-+Specify the PBKDF2 KDF digest algorithm. If not specified, SHA256 will be used.
-+Unless C<-pbmac1_pbkdf2> is specified, this parameter is ignored.
-+
- =item B<-iter> I<count>
-
- This option specifies the iteration count for the encryption key and MAC. The
-diff --git a/doc/man3/PBMAC1_get1_pbkdf2_param.pod b/doc/man3/PBMAC1_get1_pbkdf2_param.pod
-new file mode 100644
-index 0000000000000..415c3cd214a2e
---- /dev/null
-+++ b/doc/man3/PBMAC1_get1_pbkdf2_param.pod
-@@ -0,0 +1,46 @@
-+=pod
-+
-+=head1 NAME
-+
-+PBMAC1_get1_pbkdf2_param - Function to manipulate a PBMAC1
-+MAC structure
-+
-+=head1 SYNOPSIS
-+
-+ #include <openssl/x509.h>
-+
-+ PBKDF2PARAM *PBMAC1_get1_pbkdf2_param(const X509_ALGOR *macalg);
-+
-+=head1 DESCRIPTION
-+
-+PBMAC1_get1_pbkdf2_param() retrieves a B<PBKDF2PARAM> structure from an
-+I<X509_ALGOR> structure.
-+
-+=head1 RETURN VALUES
-+
-+PBMAC1_get1_pbkdf2_param() returns NULL in case when PBMAC1 uses an algorithm
-+apart from B<PBKDF2> or when passed incorrect parameters and a pointer to
-+B<PBKDF2PARAM> structure otherwise.
-+
-+=head1 CONFORMING TO
-+
-+IETF RFC 9579 (L<https://tools.ietf.org/html/rfc9579>)
-+
-+=head1 SEE ALSO
-+
-+L<openssl-pkcs12(1)>
-+
-+=head1 HISTORY
-+
-+The I<PBMAC1_get1_pbkdf2_param> function was added in OpenSSL 3.4.
-+
-+=head1 COPYRIGHT
-+
-+Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-+
-+Licensed under the Apache License 2.0 (the "License"). You may not use
-+this file except in compliance with the License. You can obtain a copy
-+in the file LICENSE in the source distribution or at
-+L<https://www.openssl.org/source/license.html>.
-+
-+=cut
-diff --git a/doc/man3/PKCS12_gen_mac.pod b/doc/man3/PKCS12_gen_mac.pod
-index a72df145fedd7..ebeee98f04e68 100644
---- a/doc/man3/PKCS12_gen_mac.pod
-+++ b/doc/man3/PKCS12_gen_mac.pod
-@@ -3,7 +3,8 @@
- =head1 NAME
-
- PKCS12_gen_mac, PKCS12_setup_mac, PKCS12_set_mac,
--PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure
-+PKCS12_set_pbmac1_pbkdf2, PKCS12_verify_mac, PKCS12_get0_mac -
-+Functions to create and manipulate a PKCS#12 MAC structure
-
- =head1 SYNOPSIS
-
-@@ -15,9 +16,19 @@ PKCS12_verify_mac - Functions to create and manipulate a PKCS#12 structure
- int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen,
- unsigned char *salt, int saltlen, int iter,
- const EVP_MD *md_type);
-+ int PKCS12_set_pbmac1_pbkdf2(PKCS12 *p12, const char *pass, int passlen,
-+ unsigned char *salt, int saltlen, int iter,
-+ const EVP_MD *md_type,
-+ const char *prf_md_name);
- int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt,
- int saltlen, const EVP_MD *md_type);
-
-+ void PKCS12_get0_mac(const ASN1_OCTET_STRING **pmac,
-+ const X509_ALGOR **pmacalg,
-+ const ASN1_OCTET_STRING **psalt,
-+ const ASN1_INTEGER **piter,
-+ const PKCS12 *p12);
-+
- =head1 DESCRIPTION
-
- PKCS12_gen_mac() generates an HMAC over the entire PKCS#12 object using the
-@@ -31,10 +42,15 @@ PKCS12_setup_mac() sets the MAC part of the PKCS#12 structure with the supplied
- parameters.
-
- PKCS12_set_mac() sets the MAC and MAC parameters into the PKCS#12 object.
-+PKCS12_set_pbmac1_pbkdf2() sets the MAC and MAC parameters into the PKCS#12
-+object when B<PBMAC1> with PBKDF2 is used for protection of the PKCS#12 object.
-
- I<pass> is the passphrase to use in the HMAC. I<salt> is the salt value to use,
--I<iter> is the iteration count and I<md_type> is the message digest
--function to use.
-+I<iter> is the iteration count and I<md_type> is the message digest function to
-+use. I<prf_md_name> specifies the digest used for the PBKDF2 in PBMAC1 KDF.
-+
-+PKCS12_get0_mac() retrieves any included MAC value, B<X509_ALGOR> object,
-+I<salt>, and I<iter> count from the PKCS12 object.
-
- =head1 NOTES
-
-@@ -43,17 +59,18 @@ If I<salt> is NULL then a suitable salt will be generated and used.
- If I<iter> is 1 then an iteration count will be omitted from the PKCS#12
- structure.
-
--PKCS12_gen_mac(), PKCS12_verify_mac() and PKCS12_set_mac() make assumptions
--regarding the encoding of the given passphrase. See L<passphrase-encoding(7)>
--for more information.
-+PKCS12_gen_mac(), PKCS12_verify_mac(), PKCS12_set_mac() and
-+PKCS12_set_pbmac1_pbkdf2() make assumptions regarding the encoding of the
-+given passphrase. See L<passphrase-encoding(7)> for more information.
-
- =head1 RETURN VALUES
-
--All functions return 1 on success and 0 if an error occurred.
-+All functions returning an integer return 1 on success and 0 if an error occurred.
-
- =head1 CONFORMING TO
-
- IETF RFC 7292 (L<https://tools.ietf.org/html/rfc7292>)
-+IETF RFC 9579 (L<https://tools.ietf.org/html/rfc9579>)
-
- =head1 SEE ALSO
-
-@@ -62,9 +79,13 @@ L<EVP_KDF-PKCS12KDF(7)>,
- L<PKCS12_create(3)>,
- L<passphrase-encoding(7)>
-
-+=head1 HISTORY
-+
-+The I<PKCS12_set_pbmac1_pbkdf2> function was added in OpenSSL 3.4.
-+
- =head1 COPYRIGHT
-
--Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
-+Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
-
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
-diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
-index fc93494a76617..81ea2275d7414 100644
---- a/doc/man3/X509_dup.pod
-+++ b/doc/man3/X509_dup.pod
-@@ -218,6 +218,9 @@ PBEPARAM_free,
- PBEPARAM_new,
- PBKDF2PARAM_free,
- PBKDF2PARAM_new,
-+PBMAC1PARAM_free,
-+PBMAC1PARAM_it,
-+PBMAC1PARAM_new,
- PKCS12_BAGS_free,
- PKCS12_BAGS_new,
- PKCS12_MAC_DATA_free,
-diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
-index 75b37e5544396..3615bcaafe7c0 100644
---- a/doc/man3/d2i_X509.pod
-+++ b/doc/man3/d2i_X509.pod
-@@ -115,6 +115,7 @@ d2i_OTHERNAME,
- d2i_PBE2PARAM,
- d2i_PBEPARAM,
- d2i_PBKDF2PARAM,
-+d2i_PBMAC1PARAM,
- d2i_PKCS12,
- d2i_PKCS12_BAGS,
- d2i_PKCS12_MAC_DATA,
-@@ -300,6 +301,7 @@ i2d_OTHERNAME,
- i2d_PBE2PARAM,
- i2d_PBEPARAM,
- i2d_PBKDF2PARAM,
-+i2d_PBMAC1PARAM,
- i2d_PKCS12,
- i2d_PKCS12_BAGS,
- i2d_PKCS12_MAC_DATA,
-diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt
-index b7d5091b31912..a56491d0f8b94 100644
---- a/util/missingcrypto.txt
-+++ b/util/missingcrypto.txt
-@@ -749,7 +749,6 @@ PKCS12_MAC_DATA_it(3)
- PKCS12_PBE_add(3)
- PKCS12_SAFEBAGS_it(3)
- PKCS12_SAFEBAG_it(3)
--PKCS12_get0_mac(3)
- PKCS12_get_attr(3)
- PKCS12_it(3)
- PKCS12_item_pack_safebag(3)
-diff --git a/util/missingcrypto111.txt b/util/missingcrypto111.txt
-index 0386701ad1e32..f3402ada7e60f 100644
---- a/util/missingcrypto111.txt
-+++ b/util/missingcrypto111.txt
-@@ -1027,7 +1027,6 @@ PKCS12_add_safe(3)
- PKCS12_add_safes(3)
- PKCS12_decrypt_skey(3)
- PKCS12_gen_mac(3)
--PKCS12_get0_mac(3)
- PKCS12_get_attr(3)
- PKCS12_get_attr_gen(3)
- PKCS12_get_friendlyname(3)
-
-From 7257898633703d5841aefa7fb4f9d192430fdad8 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <beldmit@gmail.com>
-Date: Thu, 6 Jun 2024 13:07:48 +0200
-Subject: [PATCH 3/4] Make update
-
----
- doc/build.info | 6 ++++++
- util/libcrypto.num | 7 +++++++
- 2 files changed, 13 insertions(+)
-
-diff --git a/doc/build.info b/doc/build.info
-index d47371e88aa9f..60a5d9b86bd5c 100644
---- a/doc/build.info
-+++ b/doc/build.info
-@@ -1847,6 +1847,10 @@ DEPEND[html/man3/OpenSSL_version.html]=man3/OpenSSL_version.pod
- GENERATE[html/man3/OpenSSL_version.html]=man3/OpenSSL_version.pod
- DEPEND[man/man3/OpenSSL_version.3]=man3/OpenSSL_version.pod
- GENERATE[man/man3/OpenSSL_version.3]=man3/OpenSSL_version.pod
-+DEPEND[html/man3/PBMAC1_get1_pbkdf2_param.html]=man3/PBMAC1_get1_pbkdf2_param.pod
-+GENERATE[html/man3/PBMAC1_get1_pbkdf2_param.html]=man3/PBMAC1_get1_pbkdf2_param.pod
-+DEPEND[man/man3/PBMAC1_get1_pbkdf2_param.3]=man3/PBMAC1_get1_pbkdf2_param.pod
-+GENERATE[man/man3/PBMAC1_get1_pbkdf2_param.3]=man3/PBMAC1_get1_pbkdf2_param.pod
- DEPEND[html/man3/PEM_X509_INFO_read_bio_ex.html]=man3/PEM_X509_INFO_read_bio_ex.pod
- GENERATE[html/man3/PEM_X509_INFO_read_bio_ex.html]=man3/PEM_X509_INFO_read_bio_ex.pod
- DEPEND[man/man3/PEM_X509_INFO_read_bio_ex.3]=man3/PEM_X509_INFO_read_bio_ex.pod
-@@ -3453,6 +3457,7 @@ html/man3/OSSL_trace_get_category_num.html \
- html/man3/OSSL_trace_set_channel.html \
- html/man3/OpenSSL_add_all_algorithms.html \
- html/man3/OpenSSL_version.html \
-+html/man3/PBMAC1_get1_pbkdf2_param.html \
- html/man3/PEM_X509_INFO_read_bio_ex.html \
- html/man3/PEM_bytes_read_bio.html \
- html/man3/PEM_read.html \
-@@ -4113,6 +4118,7 @@ man/man3/OSSL_trace_get_category_num.3 \
- man/man3/OSSL_trace_set_channel.3 \
- man/man3/OpenSSL_add_all_algorithms.3 \
- man/man3/OpenSSL_version.3 \
-+man/man3/PBMAC1_get1_pbkdf2_param.3 \
- man/man3/PEM_X509_INFO_read_bio_ex.3 \
- man/man3/PEM_bytes_read_bio.3 \
- man/man3/PEM_read.3 \
-diff --git a/util/libcrypto.num b/util/libcrypto.num
-index 7f958a4fa31db..ef11c0302e396 100644
---- a/util/libcrypto.num
-+++ b/util/libcrypto.num
-@@ -5664,3 +5664,10 @@ OSSL_IETF_ATTR_SYNTAX_get_value_num ? 3_4_0 EXIST::FUNCTION:
- OPENSSL_strncasecmp ? 3_0_1 EXIST::FUNCTION:
- ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
- ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
-+PKCS12_set_pbmac1_pbkdf2 ? 3_4_0 EXIST::FUNCTION:
-+PBMAC1_get1_pbkdf2_param ? 3_4_0 EXIST::FUNCTION:
-+d2i_PBMAC1PARAM ? 3_4_0 EXIST::FUNCTION:
-+i2d_PBMAC1PARAM ? 3_4_0 EXIST::FUNCTION:
-+PBMAC1PARAM_free ? 3_4_0 EXIST::FUNCTION:
-+PBMAC1PARAM_new ? 3_4_0 EXIST::FUNCTION:
-+PBMAC1PARAM_it ? 3_4_0 EXIST::FUNCTION:
-
-From 97fbb9437163fb5114da40250b7ace83748a2e81 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <beldmit@gmail.com>
-Date: Thu, 6 Jun 2024 17:01:45 +0200
-Subject: [PATCH 4/4] Test vectors from rfc9579 and creation tests
-
----
- test/recipes/80-test_pkcs12.t | 55 +++++++++++++++++-
- .../pbmac1_256_256.bad-iter.p12 | Bin 0 -> 2703 bytes
- .../pbmac1_256_256.bad-salt.p12 | Bin 0 -> 2702 bytes
- .../pbmac1_256_256.good.p12 | Bin 0 -> 2702 bytes
- .../pbmac1_256_256.no-len.p12 | Bin 0 -> 2700 bytes
- .../pbmac1_512_256.good.p12 | Bin 0 -> 2702 bytes
- .../pbmac1_512_512.good.p12 | Bin 0 -> 2736 bytes
- 7 files changed, 54 insertions(+), 1 deletion(-)
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt.p12
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.good.p12
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-len.p12
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_512_256.good.p12
- create mode 100644 test/recipes/80-test_pkcs12_data/pbmac1_512_512.good.p12
-
-diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t
-index 999129a03074d..c14ef94998cde 100644
---- a/test/recipes/80-test_pkcs12.t
-+++ b/test/recipes/80-test_pkcs12.t
-@@ -9,7 +9,7 @@
- use strict;
- use warnings;
-
--use OpenSSL::Test qw/:DEFAULT srctop_file with/;
-+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir with/;
- use OpenSSL::Test::Utils;
-
- use Encode;
-@@ -54,7 +54,9 @@ if (eval { require Win32::API; 1; }) {
- }
- $ENV{OPENSSL_WIN32_UTF8}=1;
-
--plan tests => 31;
-+my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
-+
-+plan tests => $no_fips ? 45 : 51;
-
- # Test different PKCS#12 formats
- ok(run(test(["pkcs12_format_test"])), "test pkcs12 formats");
-@@ -170,6 +170,80 @@ ok(grep(/Trusted key usage (Oracle)/, @pkcs12info) == 0,
- ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_outerr6_empty");
- }
-
-+my %pbmac1_tests = (
-+ pbmac1_defaults => {args => [], lookup => "hmacWithSHA256"},
-+ pbmac1_nondefaults => {args => ["-pbmac1_pbkdf2_md", "sha512", "-macalg", "sha384"], lookup => "hmacWithSHA512"},
-+);
-+
-+for my $instance (sort keys %pbmac1_tests) {
-+ my $extra_args = $pbmac1_tests{$instance}{args};
-+ my $lookup = $pbmac1_tests{$instance}{lookup};
-+ # Test export of PEM file with both cert and key, with password.
-+ {
-+ my $pbmac1_id = $instance;
-+ ok(run(app(["openssl", "pkcs12", "-export", "-pbmac1_pbkdf2",
-+ "-inkey", srctop_file(@path, "cert-key-cert.pem"),
-+ "-in", srctop_file(@path, "cert-key-cert.pem"),
-+ "-passout", "pass:1234",
-+ @$extra_args,
-+ "-out", "$pbmac1_id.p12"], stderr => "${pbmac1_id}_err.txt")),
-+ "test_export_pkcs12_${pbmac1_id}");
-+ open DATA, "${pbmac1_id}_err.txt";
-+ my @match = grep /:error:/, <DATA>;
-+ close DATA;
-+ ok(scalar @match > 0 ? 0 : 1, "test_export_pkcs12_${pbmac1_id}_err.empty");
-+
-+ ok(run(app(["openssl", "pkcs12", "-in", "$pbmac1_id.p12", "-info", "-noout",
-+ "-passin", "pass:1234"], stderr => "${pbmac1_id}_info.txt")),
-+ "test_export_pkcs12_${pbmac1_id}_info");
-+ open DATA, "${pbmac1_id}_info.txt";
-+ my @match = grep /$lookup/, <DATA>;
-+ close DATA;
-+ ok(scalar @match > 0 ? 1 : 0, "test_export_pkcs12_${pbmac1_id}_info");
-+ }
-+}
-+
-+# Test pbmac1 pkcs12 good files, RFC 9579
-+for my $file ("pbmac1_256_256.good.p12", "pbmac1_512_256.good.p12", "pbmac1_512_512.good.p12")
-+{
-+ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file);
-+ ok(run(app(["openssl", "pkcs12", "-in", $path, "-password", "pass:1234", "-noenc"])),
-+ "test pbmac1 pkcs12 file $file");
-+}
-+
-+unless ($no_fips) {
-+ my $provpath = bldtop_dir("providers");
-+ my $provconf = srctop_file("test", "fips-and-base.cnf");
-+ my $provname = 'fips';
-+ my @prov = ("-provider-path", $provpath,
-+ "-provider", $provname);
-+ local $ENV{OPENSSL_CONF} = $provconf;
-+
-+# Test pbmac1 pkcs12 good files, RFC 9579
-+ for my $file ("pbmac1_256_256.good.p12", "pbmac1_512_256.good.p12", "pbmac1_512_512.good.p12")
-+ {
-+ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file);
-+ ok(run(app(["openssl", "pkcs12", @prov, "-in", $path, "-password", "pass:1234", "-noenc"])),
-+ "test pbmac1 pkcs12 file $file");
-+
-+ ok(run(app(["openssl", "pkcs12", @prov, "-in", $path, "-info", "-noout",
-+ "-passin", "pass:1234"], stderr => "${file}_info.txt")),
-+ "test_export_pkcs12_${file}_info");
-+ }
-+}
-+
-+# Test pbmac1 pkcs12 bad files, RFC 9579
-+for my $file ("pbmac1_256_256.bad-iter.p12", "pbmac1_256_256.bad-salt.p12", "pbmac1_256_256.no-len.p12")
-+{
-+ my $path = srctop_file("test", "recipes", "80-test_pkcs12_data", $file);
-+ with({ exit_checker => sub { return shift == 1; } },
-+ sub {
-+ ok(run(app(["openssl", "pkcs12", "-in", $path, "-password", "pass:1234", "-noenc"])),
-+ "test pbmac1 pkcs12 bad file $file");
-+ }
-+ );
-+}
-+
- # Test some bad pkcs12 files
- my $bad1 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad1.p12");
- my $bad2 = srctop_file("test", "recipes", "80-test_pkcs12_data", "bad2.p12");
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-iter.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..9957d473c433bc9fb9572ecf51332a7f325fe36f
-GIT binary patch
-literal 2703
-zcmai$c{J1u8^_I<8ABNB4Pk6UgnstR*kkNVmbleK_MOQV5{B$bZuZ@TE(Q%DI~6Sy
-za_>;K?Awg&gK)d&eNUbD{pbGioacPM-{+j?zt8ysc%~FEh#tT*L1Bzi@rLpHEFcC@
-z37&Bef@j<U@QhRd4{`b#!AkHD>+hBY7)1Ad8U9Q_fZY!PWdV!<$)A!L;D^99D!DhE
-zeQE;1U^pGX41@pY8<-JF2ME9z9peo_uJjO)6ojpI>t?AXtBj{Jv>|^u>h6bVJpBw;
-z+#a^-mWMrkMYg}Jfxic~-vQC^Kt6wiU3a5|Vneevb2UJ$z)2qnB(3bX+ki6$-vZY@
-z_jNXQZTo6cC8;EgG@yE-_xV79ZGQJ%I{69AF&s=P;{7m`BV^eD>hi8QDGbWW=k(N~
-z?rwAx=6c3#F>pv2L4VOaP$r$r8H)wPkN!jmp#f9wlbG_*(`oK#@rheWABcv-oOfog
-zZYz%aTa??GYAh^>vo?%Ytn1k}?VQgy3?$BA43ITPmqN=#z7%|ZuMyYTsb!MrPNefm
-zZqFRZBncUQLYTJFRO5#Vm}Abxr(6e>cmXMQ`{e6;(W1HbvJy+6ch6Ew4a%-^T)$S!
-zZ-KnuFs_#(<>qmAQHUMRgA=lor{8J5+lgi3=XMhrn{rQ)Q8o{i>As;dbVXX%-pF_*
-zZzgS@b5K1fKeg-SDJdp=IfDL64sDgQcs97g>-}r5xM&}z?CAJ5DfWlrG{Vclzf>dn
-zo{V*Ewz$6%Lf?^0e0Q>3DIInhuW#>Yl@qx8n7!wUPXuV11Kb@ccR{%DDS;0qHY>mu
-zu-vr2t#J+HN=T``{Vnn9R#VlV+Ii{wMEM1hhXQ^ve5Zr$o3Kq}n^%2LkRM1kp&yyN
-zAIuV?4KWFhmGbLG$uK=egKjkyGTp!b68!4=amq-$qDri1b;qV9YFJH~WOizc9I_%J
-z44_J>+hGh!f}QMW!}Tr^@1zS%n5t6Ov;=QmkAqZ|PFXjGT~H>*Zg3m@=;#5|xjVXa
-z=7!*1ZMuW<p*@7H5oMY-q~cIV6E9V=(v+!_8YNdAYFwU+&l^kII>{7jRvPZEBWku=
-z>pX3o*5O*R8WWG=%h|0czJp%Kpab&Azs(Zn5^hkb3c)52sAW^j`(JBf2EO(<zljE%
-z`bi_rlEW)C-u$2HsN?jtYmd~<cJ4GQS4)`TCW?cOn=TEPF122)|1vGe8ah>u;};5!
-zJ78c=pipR;Q`}}oNj`E?>xmo1c;h+<V}gzDnZ+p8=J_*ePr-hDAF;AiEb1=>*jm-F
-zvGHxT@3QKop@A(X%GI?VH>66GGkfm!BX8F_RG=h|*OTP)9Z`1b7<0OAi@nQHs^*85
-zy*k?D(T_YY`YGM_^c@Sl@gz6Yg;Gw|Vky;(_%~Rln$h^CvdyVE;n0ScW(%D_2ZaT(
-z<3JvG*k_Ou-4q$NEa0%}?T(4#q1{(hydmIOYF_cub5Cw@>J!^KG*=9kyF|@s=|27Q
-zk5EesrnuH`ef-b#>n}vJP!(M)-5U9(H%wuaT-Hq#?`FZSaO8=JSxam?LFa7UX-&BK
-zIDm)7{outv0D=ZX@KD@$+xPo;!p{7cP0UOn@b^&eyD9T;z_IRE*SwPN?f9?2sdG23
-zR1)>R-S`UQdvhgZ6oQ8g4M@YO8nkG!jk}taE%TK@@R2z0qnt?s#hH5~A7!4`<Uiy-
-zb+GHKYuerkq4us>E7*MW!m9T778sjy_p@|)v(>Z)=gcJcZLp?ECAhRQ*>te0UgO>T
-z2!WGkqg5>=c`{x<y^wuFhT|FSRC)e#d8*!A)0WOPv$p(8edh&jY<hdM$Q&~rw8j`-
-z*r^;@e}^G0>YLI9e=7GvIPcLnpC&fKx}N>j5dT@r0A!A+m^|pCwV%3}UgTlK*(`F{
-zPE_J;HRlt|ru*VW!Bh<_#<*>;Jv5N5(AdP?(m~9_6tWxOYfDd`22P^04U&R2Zr$>-
-z+S}&in23Z+TUPeaSFchSdhOE0HWRA57_5a4k<9K1n4QJ6@Ttyv(<|-^FIfAs){oKH
-zqoB1uud(vU?4o(Mh)@Yne2`GvO5mxWbYq0!lNT2Fo9>2DjQiZ<u66N`Wbqiqa<6fk
-zE_2~baBzC$s*~+S&NA`?*0A#;Lq~EhFPt0)_lar&I+|CWtU+F@bLr+zEp#zuOs}tB
-z3X=ZaT}#ABufyaPp|I}B$x8CW#=SQ0Prry0_@67B_|^33<=mYJSm5GUc2<i_s`Q`v
-zBW7&ii}A>4nM|rNda1}rV7|GK^jbT#JYRA%BE6nLJBS9BEd(yLu>AqCaWH~S=o;Yl
-zic31awmQ<DYZCX+(SgP8=Nx(U0%C&fC(A~OqX!EaCBNh3YzW&a4~0Y0`PxXv@xRx<
-zu2KLOzn64osnaYiZEKQyzRNI6w`T0)h}(P{;8_1~gW@9Yn|KE)Tr3Fn_drOxh)ebJ
-ztjH=R5s@I+hQU5BX9B4_f#*V4$VKw!=$p?3_H+3ONT<QdaGQhWPLP%VTt%qt12MV>
-z51!~>BfRljLJY^Qp!I#PjtaOIPDWYp+$&mbuVGcU)QqmMx@9N@lGwtF9@~Xn-;x*U
-zRR}CmP}b3UWSLQx=yn#R!-^im4P0K}(>&NwVZrb@W~U1o6fNJ0i`^IUgM;lg5T9HE
-zUp?nq!(DFHFFOZ^v`yg@3Tp0oG-OAq7r%L2@%9|U=R!)c$gbRS?~&Uuhq2aMJ4bF)
-zf9njx1D3ZECBTEZrI0V={tmq_rW~!5r`TA@z92xfYOR#%H)xcyAYVzqvpW-~s7ggZ
-zV|Wf(Fi+sk3X;)Gv!LJ@2C>OTp;CMfZI^QGP_q1}y?ib7d!@%IEYg|Tz27j)$Y$y3
-z`4@4b-II|shmwgiM~Bgiiypp>)Nf4n-UjRgh-0>@+qtPVBd)8s%)CyCu8_8O6#0mT
-zf%CXFZHEb(A-2~HXCGkoY3Frim&%;~856h40r_N$o~%%u3OU(#^nHpCJf&869MoR0
-zqP7On(hy;EhPkfH46;KSkjHL35~I4ooaATVlj8K4mFeX(d6hS_vW^&Q1gR$l#1FOJ
-zP3WkyRW%X8xE`;1+p8FC`VJL(1*uzfeD%;{Gp$p1BKOFmMcJo#Y&Mx?ruFQNH{1^7
-zOHZfkTqNCL8+mP1emzme1_TNP`D>}n-%12coa(BwP0IT9FXEZ1t{DyZoYPX;<Rqs!
-zj;fk4g%}xwq@Go(-peNk60uKX9|sp9Zr0gpU~t#3l(@a+n85m2cSX|hw$>)PLp^dR
-zK=cP-8M)<tfpGOWKW9zeuyun@a6ignRwU~1rAYvhfG=S5;}FUUr~}eJB{P78!2J!>
-zf3265`=`i(z#yUj>vI3o>>xtn<-Ye+$zWwI^q_2ul78QG*>lf;C9Y5z5p$iWB-kVb
-QZf;>CWNWRj_YbE31}omyrT_o{
-
-literal 0
-HcmV?d00001
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.bad-salt.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..fef1e51f71c94240b8d5e375b3e5273a7cb54be5
-GIT binary patch
-literal 2702
-zcmai$cQo4z8^<M*2({HUiddm$e`YVSN9<9fTy0Q$mei_M5o#-SYg4P}MbJ>xrY#+`
-zsC%QWRa;5aj(vO2`=0i^??3mC=RD{8{XXYB|9#FEz%!(PL9_s#0Scp+OfXE?X9CfI
-zO7Zl25Ip@BfTyPbc!<l-2v&-RSbw)Hz#y9M%kXCc0_=VWC=*}|Nc@zH03QUdUd_4b
-z>Q@&82E%CpMi~4*-@x=x8h{^0@0?%=a;JrWBq6NzTQ|xqnPt3Pp-qLOF?ZhM@U*k%
-z<M%K%x4i6Wt8xQm4FbF{gH9|>8S;f2Y&sjIWE-ljnY#hYDxCPff~cAMW*cxt<J;g`
-z7rxEKt!+CbR})Lai9;%<dY=yzSQmERW|AJmoFl-*hdl2`@&qlrKs~-yr^UfJg&f|R
-zl--T4;(YJeEjo5_Bj_(02g<|?c@uGf*wLRXf+)b0^E9?H>}-Y;CpLL2`8~mKlp|`+
-zVO#NIfJLR9srurg7<1Ej)w-T-%g)6@!yv*e+5k~^q#IT){H5sgJN5YPZcURUPXdi!
-zN@w;^Hc`;<6N_m(RV87hh%xp;Lh5x;sSl8PXF$HOA0?7+FDt$bdiyl3%%I$X{ra_f
-zJ`2RXrjL55k{(`MOM+~0Zmgi4Jnc^Foo);RAE$@##I$FsjIw!{Ot0hRk*m@=_D065
-z1+(e<9K&kCg=sx6&WN!QE0MHc@~B@qO6EeUeBQnCiO2c5<l+)KB-!qZQ7c{y|D_Vm
-z`*@;fv(59RASy~C>Fw!CwRHFuyuQ7&RbJ5UBeuS)evzOVc5rXBoRm=UlL}s>=o~+5
-z;7ZH>w)!=YdqryP?c=0xTP-zzY87Pe6XX|(UJCf7h@CFhV<DU94xh%p;F}=X#6d*L
-zeh5>n7Q`eZPV#0iQikCX3UsTbnBm^N7vPuIPg2J^6)(qm*LH1MB1ct~iDqZEh!HCS
-zivd(AZ9AM!NuZkzWw_oW?3*mbfUYTXPfzsK@j6Jm+%4-tw+qTf+YN7{9vo#rU3+n5
-zvyK9Hv}g`0NA_53jmR_9k;_gERIxH8D-D?j$#GKkq575igo26mt<!A5R;AJ227*SX
-zwf2+d8SV4SRuf_|ym`A-B~hrwEE=GI^xIs;e4-<Tq7Y&Nfm*h-z5BH;cIaE5>uVg~
-zGDsY2l^9*E^X2>0K>0{pzxF_tt9z$axmMf^J6RHZ(xN+Bw%mTH@ym<=bJ%nxmQOGw
-z{(z1#kxZs$Pji|XCHu)qt|x7j;Efv~^oce)=aynrS{KfxKLOty_<)g}W>R~>&)Tkv
-ziA(6PeVfxD4Gn5DQLe4`a+EAp&hEQAh`3$vRD~2jSx=TPbVk~#q0MP}E%vU&sF)vG
-z_G@dA#y@aBA0+qQ)psuP#S=Y{Qe_;>C6X#x39m5>b>j&w<(t#<LSaoW%oe+WE;19#
-zjuUC<{(wO$t|dBrh2QC`uO~X5n|e=C(UIS~%)IJ__nzF+^e5JJXuc>cf0>fi)_eBn
-zA7Pdj4Ds#91AI^Q8>Mhe6h${nk7nMP4O197pLr9>vstt&6n$!9))v=Uq0QBBRu^IZ
-z5x_&^fAHcT06{|_cqsO}?f-qeVdwtKCPoGj_<Jb#-IVz^;8+i;X<RMzb^cf2G<X_U
-zD~b5tZhndOzp)xR4#7i4hNR&Xbt+DD<Bmpk+d_3Pd@SDgC~vBQ?8-S-h%_%~2^jI5
-zKG=2DG41SzQ2N)b6>L8EU{nVCi;PV<2bp?&S?k(E@@7*8Hki{T6W!VwY`WM~uJLSs
-zfWV1!I28*C?yOf&q;ef)*q>6*lozg4rs>VMY-wLJ>nPM6xF}#_)8C&%VxR4zHplY7
-z&g4k?J9OzW$4XKG6wbv6o}**G7S@V&J$r}HfH})RM4pJKJm`b<O*K)y=)*{^98&mB
-zOww&t*HiSS=h7vCG<6KxxMR38EQqz(*u>M)Nz}^}vK#1cOG}#$PNuO9mV`BL-SV;8
-z+va7TjD|~FR`=1?ekIfO+og+cCf4@QSqmK^7(ElwJ4@*i)7_1xS3MV>GY{mfpP(>D
-z!D|CP6O~iB4;MTl!^FMu!GayDL1zNe&5?$WpIhK>cpApg?{j{1Z%B9`i$^O~`h2A7
-zFc!~-gk(m4b+Ns~QBKNW4!<ZoawO;W+{Jl#pP(A3t#S478swGQd7b>}#U6&Nne}zu
-zVCmmIHHD4zx=e0W6gNCRT}`>)yw~CT=@+pIzGn)jH|qxU^6pFqE}rL8c2$i|t`3;}
-zBX(lwi}BcaxlEcdYWblN|3Ygq@s(CsWue4oWM(6sRxlMTTMX#7vHk(EaWaBU>KNel
-zN=m!FwL4RvX%O~MxS$fx3(h=xfw95%Q|04?@q@*z(%-RiHWk~c_k}_;c{_;43BNbK
-zs!;%!ypwQcYS1Vv>u8aCwo5lhvu5n)jNN<_=-haJgX|{epA>}<DiMGNc(F*hiAfG}
-zugWSW6A&QShQU4$M<TH@ky|P}^b+Ya?#5I8{d~R(gv)Ssgw4T9H^?erzA8*MLzE^X
-z<FWp=iq|)nSw`blQTqN4<NWT$Q!&;%cOQQ3tYcQQ)WB6)-7=H}iErUWPV7RjZ^;Yy
-zD+HA)C~Ipzu*@n?^58;hGovQ3Lsu4gH4b(zGog8%b29}E9<D^i$L$N=goEwXSw6W1
-zy?l0l4SS_kzx)Cm(lL!yD5|^b)s!2fR`U8$)td`+pNq*Q!n<-S{YM_7?8cgJ?3_7G
-z1FW+Q518JFmjW5{%b{OLgI#)GOxfGXPcU&31Hphu%~~15Z_pTJ0p8NUr%{t<$ZADE
-zeRLjCv{1p56D*^VZb8P<4P#P_!X$Z}I&|~xkg|Npy+TdYJEcddOw!r8{m1APM62}7
-z!t;2M-l^!>Ly4r>qeI-%l9zuo<(Q$-*MMz^<%G57c79sjnEO|3c0spzPiV(mvV3II
-z&_!&AmeVBF5YumlwGXuVwDYRE=kk2OITMfSA^8-GzML@ZWm1a&_`6g;cxt`SM^I<c
-zs_Gg<Q(c(e73RJ=JIn@YLY#PTi;wGsaFCvYPfIdmS7%nv6;$8I$vL906QG<H5#HDP
-zwxD9lzp4rg#P|6$+B%>ynL8BdRfNvN6Nf{u&Gc@a$^0XWHf6t(iMbS}*>*0+*PKoy
-z-6t~*ZW5lbje-sepPq<f6AKav`D?j6z)BcJnC_{uP0soCFT%N+o>_JHyvuU>)D(vp
-zmZFk4%`!FtN#jzg-76#o5in2U9)&z)xzS*!j>cZUTI%tJeG=nm-4jj4+gh9GjP%JN
-z0g)eorRS9U1#-U6^%--@hOGy5lJh|xqas0@H(eZv0{j7^ABRw8Kn;-oDH#C-1a59&
-zBWP=_ulEmE!63o^>vI3o>>z>>mHu~CNML16)Ua%ulK#L<`7`gp<?~@O!sgmB$*?I1
-QJitKh*G5^nATS8@Hz^a=n*aa+
-
-literal 0
-HcmV?d00001
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.good.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.good.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..b8c8c2d7759c66db30d791389a498418fd9cf2bd
-GIT binary patch
-literal 2702
-zcmai$cQo6J8^$G)2(`y8iddmy^lSDKd&C|!%GIXSo+Y(v6`{6LxAvx_7ePZ&o3?b&
-zqVA2hR&7Ppj(z(Zr#-*lKlhLKyytnI_nh~?&v^hmLoygd3*Z@`FnUzHLHs@whz?YW
-zr{9C%>9+tpJq5r+oPI{IQar@!yJZdr(R^P9KNApO`$IsP03$%+r(^{9AaFGT*QT>i
-zZ2%YyrvVsY@c(=R(?e+hei*%DyaC9S76L*+SnIZKmRT@MdpbiK3r3>uzK_P!&Tz)<
-zVXJR@*wI$y_{r$|d0+<|SQ^vi3O3lZH%iy7sWzsr`YbDO()$XMM$VgUz!`&Yg==2;
-zHXFOTZJ$ISm4=cAl}~j)AIP)L@4n3-KZZGmfl0+Y?}u{*EjmHn-c_eXf!PHdo*I<h
-zjn1Mx&zLPbc5y@KFX{(Mqzk#@v4GgopDcoCz=Z2GrZVJgnk!mt;&#$|qQMA9#H{_c
-z!bd;zN?Q}Pg#|I@#<8k3U7O~eiv<PJh}qV`B9q+Iw*;pca1aa~;+#)<Ak8lU8j
-ztiddjpur~=lQyby{BR*-%!T-r>!4CEAmwhqTtgpPB+pJpd<pdSX=<5%xjp;!Yju3)
-zi2IEnbyHAo9_JSY+2GtbL0dW6otC>@SOz{WH{tOq_Y`R*vk>W?8<&T#N@?2}8m;8d
-zr0sJIsRkCLcE30y#e^+~(|*aNe&r~c4XW~b_sT0S+Q%s;I=&sn_CSnU@nYyN<w)Mg
-z<K3IB?k@$=5fX`SPnQW&p;z#Fc8-?00lSabdawF~gQnTRJ(04KLPbw1c#)#B{H*@V
-z&HLMG*FdfnDK&SF6TfXWSO2M*pRrGrTOfJJ;}^qrI$4i}tRvgK8hQh7fn*W}5Xt*N
-zOfi}e<Dgj7tsbN_!y`24c5@NK{rfM#FR!1ZjCLqoj`ghR+_XTBs3?(4&ukFGmP8hP
-zsAB4ND4n7}7aQ7Oty|bTNs<9mUFMpW;H~X(kb1dG#*J<ll!dV!+D1P-N{2f4M3>Fn
-z5V)&Jb5J?F$6{l+K206I>`+e?D^s*om##;RkqL)tSLWjL$J4e>vjkfdM|$ds>K#^E
-zPnxE+IF~HP#iDp~cdJSw&<mL~KtB1m*^0S@8x)FskTC>m(cJp(*V>rDZ@td1qXDM@
-z(rAms$V#m@-=})YN7}m8hbrg0c3PBb#7%J%C4nc+IwNIEZI>FpObalFOjY9e1cTxZ
-z=ok~$*Qr@kT&9LeKC-B_#ElZXQ9Xn{!CL#=Vw7^r{JFFz;9LD4urgCjsxSCi+f=Zz
-z@$EKmv+Jdx0j<VLHFX|0P^C&)z4rzXcj_Ffkm4t6Npb~_NLy8m8BLG*-jyh2vqOtM
-zElu*+2kz$s>pl1M91FeiBsZjF83%I-N;xzBHI|`vEWWvXb81c~r16F6LKo1v&cw3g
-zKpuS1ub&d#92vUI@9@>z9TUe*y|18fgWt2vtm=j5p6ue(C)PD+o+vDDiIUmcbN1&S
-zAr|Hgac#%_d{6ZnB%_%q3N99IO}x_^Cb0E9=1nBeX5p?-<f*Y~Yivh_*7^Fg+Ay<^
-z03I6mgBSk-5HtvahvL55zTd|acJ9AyVq^e;zlXBlP3eCEj@5vw`qct&$A1J)y}J=X
-zQN;UB(@Tu+&6VIW2p%##C<UjeQKLmS?y3`7=Lv!E(Kzp;+{ub{XRgr#q*;Em-?01C
-z!LGBmNk<oi(zj|QZ~egwt31$GXk@}Qz|`%{TH6+sJCoeM!JLLlaA{+(?qpNG#<TeW
-z0w>KzE1OGjXTEwOnR7#${VDZKY5q!Os_tC#mew`X_5z*$ivrfxeSO(v_L)v<Qw$I6
-zOqQ&-LzfnHtSIS6;aUjeIXd=fX02G$wX+ZQo3-#q<cf&Ofj(H>QWe#WJPbddO%C0O
-zO1z`ue2Uq0U%Vucs)ofFwGVZK1h5tv8M|9Jh<cbncKv;AXlc{HNi;TrC|J|hZ7<8c
-zZC>_?NVt>*p_jJi>pESZZJOw2LQOZFmCzxA(LDjPvzQh()zx5f)qUYPbAR^Q2^xD8
-zxZ3YEUOAalJnt4BBJPO~6l`A!I1`X+3O9KC+#G+?-5`p7pX;M*ef&ciJVv3?>mya0
-zv1leJC?oQ#lg%ZLa&kIz=tbe-BUzW{PL4zSL=}H6^{bCpA+J<9wezMHx*0O3*Vc3b
-zrG9tU5H{59G`?L?RR8#NCHX<qUc2|FU&Jc-p2?rys_oa!y*uH*z{#iNtP+_-@SFJ~
-zW_<9A(dbyYbgB`0so0QzzNLutN;9OgKw>jIqk&E{kP4P50(4qg|A1IK7{VsB_3^qT
-zrJdi}9I4OLiF@eifD-o$jy$^lF@biI<zvLLgN4k}-*K|m727Efgn~18+et?8zc;+9
-zmIs%-lW=CLS1&7TZ<c+wOE*iiYUJaH+kE5i*zjOu-9^kdF#;h}A^`RCV3BYULk)1R
-z$S5Qc5g^!x{yq;!0;w{ATQW5G68UrV&8PhPd3+TJry)X^^}%u%$kK1FDnuq-lqNm>
-zvEH?c*SD5fMq*dcdcO8!{H{flQC2(miobT$GOJpsM^{<iHb8;Ix9}n-w!zo8<b?a=
-z14`wUv@{-CWR@qookwahqsMWBR~C5H4|XmyVR#*LG6eODmm}h0_XTgk!FFmapIic7
-zKI2@)U1`xPzW|4{PvPVXYwvk9=0vHMyna;m<^tX4qV*EtUD@TnBexNDBaJt<j$9^w
-zR+$C|OmD<Xf%Lhh;4kEXPTemi>}~5$u(1;Tfq+Q$Y8k_C&?qGV-ctXk5ff)ff&!p6
-zGKVOfui(iJlvYnOU&ql6VUrC*P`nQ9I(fE889wA*fd=}W;-eHMsjQs7W6Uz5MQVEf
-zd7MbkWaP}DMB>cRVf5mnhi?<*n4!U2pKXxkgthukUTW>A>sMS>ewTQ6aQoYJx$wrp
-zi@0`8hY6|yw$Bu2=WqFG=M|y*@|@o}V>iN}T(Ws@b_nh=IoWsYU5XDprB3K0sH1R2
-zWfh{KCQR=Pb6uGkVuLgyPTaV~$Fzeu$WOtiB^fa*)63`b2{*H|kLYU!D5r(Q_jTUQ
-z=&16qD#8MBy<QDA_84r&4h4D@p<R4pf9SE9)}=j>cVynG<Wn*}o6I!RcK*g|E(fyC
-zlj(XF33u2=emjLvS45$a1&M_GwN&nBDU2pgbywRYW&ipY@mzKHj2e8-X(?@Tl0ytf
-zQBIg*86AhDo>#2dD<B6Du}@+j1r@X0thZIe;I3aSb$i1;f%UQKj-=vktc<mXdu5S;
-z$Pd8MbIJY!;p}yO#+<xi;|87JdYH?oK-A(*69*yyU%>FkA(R<V1*CpTMgReU`{}Fx
-z+8`tQ?;-~V3I1P~`=4e95e%#Jy{AkDD`}vIWLg#V`lrjEdHOGLhDZyWX+<T$CLwS$
-Ob8A5xD?ME>2=q5e$<~_y
-
-literal 0
-HcmV?d00001
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-len.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_256_256.no-len.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..35ebe05d177f7d745251e2fce3ebb4f23e0ebd09
-GIT binary patch
-literal 2700
-zcmai$cQ71^7RK$`T}$+Gm0-0cYF59jURE#BuVfLuv(bVGmgqv<=$){+SY-*KlY|r!
-z#Jx+RMXxLRB6xZ8-X!nMdo%ZsGiT2CojK>f-+TxxO%f15iNMl;A=F|C`U%H$04hKk
-zmih>UrQSnesYwVd$oZ!QDZ_#+ze{F70LAyF|I+~=Y<~=3I)ouY^yf&6;08feacsLT
-zzI8!BAd~_@3xWRY8;}}If#88qJ0<7?+$cc+F%V<@-tBU8dPy%AaC6~U^!*PpSju_U
-z_#<@99Zx&T>f8V+y#P=2kRwBLhD_lOlh#hzwiVgh#7&Q39ZL96Nl?#yyN_@|VcVe^
-zSHCXAZSLDA;|OKpgkhx%ozEw-j7x{_GKo(iP7y#t3Fn8=JU;VoK(9~rMR9OWA&Zwf
-z>2RmJINvLFkBV8u0Q`&Ei2~tj-eep?`0P&xJ|x1J?IN}+>~fARMtJ&8@&~;B7|Xo{
-z`+d2o0JADvW7XwlVfyBY>Mb4X)`M$>`a$@4lpd_^OgpSX;7ifx_p0$dJ?chD9(W4h
-zl&<XIYyzMDCkEpVvQolm5pC?%gw$JrGH*oc{Xv<=0i<BQos`Hb;N7#da=i+B=36)G
-zxy@h?o2PVA#oRsFSNNEq92h=Z8OnpU`#oqHZZ>y;$ytw7Nd?m|$vy|gQ5y*@I|IY@
-zg8B4gmJyZU!nEF(mxS1ewMfb@dE^b2(uI&}@At30<70fCb7K-Z#h4xmlPh12{G}Ad
-z^>ng#x836vAM&1P(z}Z_oJ9BytgfAtMPAV16Q+I}-$=k5Gq5j8TAaVQsgesWw7|m{
-zxYl~SuX+>UR+(CR_gm7}z1EsPH3~A1@iNN<Pg(3r#6dUXH-4+APVdJ4V1IyA;t(w5
-zID{@%17s8uC+6P=m!x@u1l(yYrg`}ACGgd)^VIP!ImI}y+U{L*_?WT+!Q|2!Hfn)q
-z&;!e-?T1sz^Y$<y^|yKje3Hd!P&MUl>4`pCo+oLFJyPyehk$I9?Z`gz@mU7gr7xy@
-z-hubN2E|F$=n;dp!S)<^RMD}4EL<*cp(fcNHbKOls@_;kD40y&yU6BilOOAAz^ipx
-zYBsgZX|k?bObSPH<sDX+-a{^DQ6LJ4zb#ZQCOVKvvLQwwuz73y`(Nu~hrjl_yoo_L
-z4-v-OM90?ae7HX~kftc>Hy<mr_Z+k-)QXs3rb~m*TeZi^S39mZewpK?51XyRaPx)4
-zpHR^zZf}#bXW2{)l6|Gcwvu*Av4#yG>O?E8D=X1TZA(|un}Gg<AJI~?bSf`-7(0~F
-zaS5H)?{XR>z(MUs3bpl~4q{~r+5HcOV0Y^stKlN&TgftoPH<Zllqp4@+0l(?CDT*$
-z0Zk3!#7B-7L)(21be)QPumpFwcsUDwshCn$!W%SA-9$ob#qR7Pe^~QNljR;n_ck5F
-zfg^GF(V$*xOlws58js_Kj|VEAgZxlV&Vk3P+_d_o*OBzf>?g)8aJ~>Ef0dNg-go)u
-zA7SQZH1QqZ2DzW<Hj2m4k>p&>-CMZkc8nq0`SiPR&fTIz{-_HhllHi-N=^2L%en~D
-zDFhZA|AQC*1Q0j`gau>1%YNU>3v%V(Y@($B0Kc2k-$lv41CHg8ikeNKkJH}*r@_Mz
-zCokx8x8)Ve@Ai7=1PBWn9hQKSRLL<yJNMOa?Mt{|=y<%(S>8<LwhP;MA>6c}HDJ_Z
-z_T<n-%ebotL>kz%l(qWkjaC{OC^9r=8=~v=VXW&2$(v6Z+@VhwOLXm^vFc`0y2-iw
-z5d<YH#3-4Ga%8=363=yzWPV1zR9L!Em8P@Ux~F;5q_a?a@EWg`)xbawk$JwG+!D(P
-zxs)dA9#Ex6f0GvvAh9h+aGrhhZDp+7(y_A-4OlP_gyjhe$pAiD`l|@(M4d*m=McjW
-zqLc0_yIi1lJyx#srm3P)hMgl_VL^<=hDILdjzXTspu<2vYf8#=U^0buuo$Fe?~b>{
-z(LNXRbQDy=9M?}-yRl6*V4E(qn^@aRWyyaEqxDEc9jv5B%=R=I+juO$pdZZHI!B_<
-zf;R`fC#z<1OP1Ut!$iEW!F-+TL6^J|Es^?9UzlNUd+0|~AG1xlH6%Qi!lLA=yr;-o
-zw8irwA(>Gd&eqpiDu@~M;nxI4&!k;nI6I9T<COz7)oh+_f?lhzYUR%^_tIp|ZEa}>
-zOZ@JkE?}V3ZFHxyxZ&x=ddj1gqfVbszX(@yKbO7muN&0KyFVSc%*w6cq8ycs3z+{S
-zc5?WO;rK*_WSSvzwZwpDsjZmsS|hBgP;@skvyn<8m<*IEMrgM){sFRbG=NNN>0xzB
-z%eudIIFX;L;g66pL8Ts7oj7#@V}tExDkks~C(Bu7zhk7WD)&<#@rPz|brK8{es6qT
-zBMU5jFX}?qpjKYq*(&|~kZOTq)6mxmv->vCsqxXywyUsT(mfb|DK9v{lR?x~SZs)6
-zT}mz)4+B7U^o}`M5(!m_9OB`j*NLBFZa?EW&gZU#Igj8XtWMT?02Tp@)nQT@LKGPp
-zPjzorzVTmW7>ip+>iXGF@VFJvL|Yy_DB0+$qgOFki>bD_qb~*!*~1E++lJoSlMxt@
-z4JwmW&{ThHo>h_L&JNe4M^0jfZ!B}Eog66Ap}3rKGx_vN*6zi}9rO7^fp)44pIn1p
-zJ!jp-+-TFSxC#Yz&SGSX>K=GD=SHiPzIjsp_A1rq;_Xs_L+Q1FGxsrOL-n_|PHe^j
-zmRb5IbZ<q<5E+ZBp<jqY-8x^4nLD<d&~c)J!3e>c&2pOGz|ji4TxEgJ?oD69adHUN
-zu|-(XQYB|ju%ueL**1o11f60KCdTF1shw{Nm*R#W6{;iO%Rfn_lgQ2;_=Z}8wMon^
-zy@(g=n~9n~6-}ByJB?Xc@$_pUeWPjg(PJ8BIA^T6o1a!U?zVx+F6a^I4efllEfd*1
-zd=1m7;W$m!M-P}_>;f%59lXZ%DlP_GF>=QZ%cPj~=Y(Mti79>)?^AuDsrCF*fUcr-
-z<xP;fssObM#BF_kgbCCPJ9p<0na~PhAwC0MlxD`R&#hf4z}?QtIis%QC0!KZKh*oQ
-zBBLudlm&R>`@I{j?NR8=0}|K<rd4uof9koL-lH|0e`eOM;9EMmkU}@#!S3*e&5@|x
-zG}quN>H*m)=p=FL2+B1xz~P|3Rx1K51d#aI-Wu!VoL~RKU#aPxSA{M*ucpt;un1#F
-zN{O=!<CCB?cKO<)LShge-4ypEq=eyigRLqGbIYd8{Vnq}+Sjr-ij1|kG}0RFmxdz*
-ze*l)6P5KuQYro5L`jj1OckndZ<2+h9ye3z=2qFUEjX?ca1k)pw{wK%<=&AhLC?);>
-wg4}<_IuKt(mEQv;B2YmcIU?0AuRAzb@!TtLl{HLKz*I9j88QQc{^zZK0K6{N*8l(j
-
-literal 0
-HcmV?d00001
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_512_256.good.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_512_256.good.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..e8d4899691bfec94614bf1614c0e9d45b902cf24
-GIT binary patch
-literal 2702
-zcmai$XHXM}7KKSjLJPg9krp5dtO*HCK!hMlfKXgfI#LZaQi2reL5lP$MT%7EC6I^;
-zC`DLA7DP4z(iA~@4~T#+JMWFY_iKOLxpU6BGxy&&2Tf*=0|J=QWOguwO*UFLdXE#p
-z0(eAb+Xa!?w$Nm@H8dII@GF8mB7;nhEn^^n>3He>N&slHp90K@)<?_yl2EiTh_xlT
-z3;<3nRs#ZAnb1%O>wmrh*}zO_5eS=Iv@YNlGYB9H;<3c(p-6ScN9EXskqoP5qi{0w
-z47G^^7Gd+bc<}~Fgv7UOY||$9Vx7GWFqBwZz(2@Li=v*KZ6RzFhbL%5y>@HX*g|fK
-zCFqY*(F=sh(a;N)GHI#~25yMcT_{*a)IDT;VNko2^?scCxtKjyLprQ(YXAh}L#%n(
-zTQrhNI76$_g!lGcpUJy)#$0n;G6ZQ#gO>#8w<E(BW=OTUrS0>>!LU{(S-z=WV6_Pg
-zU*q$mxw1C5Ex$SI=B3N?jdOchd{4fgVv=pT4ZoVk9Z8}FNHUvYc4BhvoTUsI8L^sL
-zopiZ;y2XdHfUO!<ix(XUzF>V<?{33qtpjS_#&<x6Ph;rNoRc4EEJW?G4+GHh=kMKF
-zROMDD1HlD=E;+H>-Ar5BROQO(-K1jGZ7ZwQ!@L!*8;l#mKUQ?Yzp@bGbDg<kCm0H$
-zm=7fqLwDO~`9q{{Heq=CqNoB4GC(CuUm=a{fHTYw&p_OEKIKNVEXOpY5H#2D*bSj-
-zB_fsXaAm)+$VV<BKqX;y<sSJ{r~L`s0RwO!pPfLok54O}UQ;d;(iY6&7j~@nx?RQZ
-zaG$G#Gx@U<>|ELDX}Q&X!Y4%3b*7*VHf%9yZv!SWi>t>qm6DRrsYEr;&BPo!3}4V@
-zk?AMeU*?oAW{xGA$SE*L7`tfRwiT#@v9gqOtDkqwN;#{ly0J}Nt?hZV1xAlN*4&`O
-zo9da~^}MoxyT7Vk-9<e5D$|v~=~I!*LFJiRj3hy`kXLEBf|}nLVQ{Bf0_b!nZxEOL
-zZgpvE+)(KtC5S~f@YTytSLXv^Sx1+1K65I&s79*Ba!XOy;y9Qzk^;%(e%;SHZ*K>2
-z`Y3n;E-oE~9xR#>@)u0sn#CVfstkUtzoh@2+a05kV*_uuuYEzSeI1hbS)7*QO!P~C
-zUpz75Z=$s3)O#=QnbMzDER&L`hq$60tR+pC63&E_?TS#3G2b&kyp{F7S&&35;>&M5
-zoi(MtRe^Tbu7XhXI68w9sOH1As}p-duSoG*Qkw>vkUeG2mDftlHA~m$ge}onp(n8m
-zjgL*GaTIZ6RA)2QALINZPma#jy)Ibw&1Y%$yleTJY&G+3C7q8dc)f9RLJ&!BHfys`
-zaK2_A6@J2!er@{0=ws8BH6wK-N)Zh+u50iiFvMOD3ykZI*xk+il9(tg0csxxoP57w
-znjV%tW3P<x_ZaKuFIsbFJHs*wXx38CU~=EEt-wBjz10CjrVfer(v8}81fD}z0>Lyr
-zEqvBZD*alJHx#UUSUudi^LW71U$8h1Dw(>yN;V%GV<!xVy4!j<RK(-BQJ`-Khwx}L
-z8GP?2Fa7}#_zs8+_CB_W$Kwj&_%EBF>;T|#h&eWq{{|fGcn<h1hri3e0;lOpp1z)O
-zomXS9NJzfjm&YJ7Xh<hf#pB1c#r7bfxtpX$tysm0*s3MBr$q|YjX7OZWrFNYvk1L&
-zJI~*Wt1Boh1xHtzvL@|OCA7bVEAN)n7|*SaHTw+~#;s`Z6eHG<wKF%r(@b?chU7bi
-zLC@vai_!{=q-D+6P}3#akAYH>3K57F4v8+{vgq3Oh~ZrmcEST-O8z4%K1s}M;tPIc
-zvuMYpV5W+0Rp}Q}bxD!pJEs=sD=OV!n^Ee3qTtk`$Aw(zo%z>QnV?T|U!r)o;7w81
-zU8CuN<t9hhH9qTjKM|Zi%6M`M%0HLQFF4FP&pW*n@H@i^zNrw%|EkFyA=Sx@cb->(
-zJMm~Cz<qG(b=^M&1gG>xWw161M$eue=Jp=M_L1i0#Y2MGA8K()rh?vW>%30k;T}1?
-z73pvY=|4vmbzqOSv-E$-F!*{oNrwn~$f41DUk0TThvqA(==BjI2KmgHnSx1<PP~gA
-zhQL2MhsD10_}=o`6k(1P2M)XDV#?j7J*vSXyZlMJ=U3z0&dS+_7`zngPfZV49QbNL
-zcr2IJ=PbgEE9OspXQ$acrzg9(jx4W2{pC>=#&OijuHpX8vmIu1PgNf;+T-W%LX3WP
-z&{M@dfCZ%)WLtc}A*y(c^jYJ2tcE(uY+ewf71epylo^X+N#8rQb|Ue`>HI&+qd)mi
-zId1=z#p>EI>l<)+iMA|za=3;zliQfPg_;_ezGxi5rM!wx@zl36fR6R;pK9|{zggX*
-zI6Ww<vs&ldH=uj=R`o+{P`G<`nI$kF4qi_|bnl7;0#YyRlntEseHDG*)bq-l2MLO`
-zr>gv1upQj4OReh2&+=-Pn==w3ffs-CqWjKex5G188Rqb`XY6^RUk$`=4$`8sPh}=d
-zv}X!M)}HY<>H3J5M?xOCT|9W&eD}BTmWQhLCqxa48DSh-kzZRxQ+j6ECqP<r6gQUo
-zaa;YX1_#p{CLdLJ1pd??FL%9B*^t{+p80O^u2%AWY~5UfdE{YB;-z|E1q1&fpaaY2
-zCE>lX{Qmc^GC9chTwY@c+_gzt<w79+^yJkghlI)|+(jIiE6jNH6}-v%_QVMOkHQo<
-z!<JY(3RVhcE{m|!i{G`jrGH{rAR~I~$#o)9L6X-slC5>ryy>w&dM=$U8i>Kpbf+D}
-z?Vt}#Da&gwKZZJZ)>~u*r}KQ-=}o7F^3P&hdJSmW%72t?l7+Ayu%T4Lc{nj}7&S;y
-zz22p-cu4Wo2I^8oDFG?Hj(rdN$71iy?jf1LKBnw%CeB1cCTX{@H=Qu31p;5@G-X&J
-z1vYRNT{O^EkvCH4zO*k_)-C*YZk?&YXgTvRv&{EHw)K<0LYMb)dxsMdr7y};se-ZX
-zj`eRL<Ku~{C~Gig()dk@YReQeXS@e~NUe`Ki?4qq)tN&jr?aWM6mi1rUdE=M#}uSQ
-z>C6ZHm$aFaJ&TF0w;}^q&d-N7Xu0&R=9n)a$X>W)J+jk6IL8~=YwI;Vo$o%nPP#DS
-zOsjaY(w>~<mWuO<75)+@-VXlWJ66J7DAxT&H*o4c3v*D}guFnmwj;7ESu?4HQ<fv=
-z36UZ;iaxS5ncm@IY19fY(&c?V;(GMO6r=l~H8yHN1Gy04?^5%q%h2YLmk($5%|#3X
-zE%_6$Y=RgekU)pyQ?9u68wBu#U`94nu~rL~corRuCZhFz9)h{h>gaR7Bor+MVil<O
-zNIux;sQZVjK!EuFbUBXWF86=U4kWJn=GxJey1K;MGVjLM(UqJXEi#WQEnm;py^>y=
-VW!Nl&SdEOYi{CK0av2B!{0(@<()a)X
-
-literal 0
-HcmV?d00001
-
-diff --git a/test/recipes/80-test_pkcs12_data/pbmac1_512_512.good.p12 b/test/recipes/80-test_pkcs12_data/pbmac1_512_512.good.p12
-new file mode 100644
-index 0000000000000000000000000000000000000000..64e14341a10d04e7e98cf83dbb2b6409ae1fd72f
-GIT binary patch
-literal 2736
-zcmai$c{J3I8pdbF48|5&vqjlrhOaf*e~6LnON7GM*TRf3A}0Gbexk{eEm_A}b`r8>
-zuMmwr#kJMgD&qQ`dr#f}?jP@Y&+|O*Iq!d;^8f?}G6YNm5Ex*zaLE`{%mFi)4xCSb
-z??VZ2DnNj50R*V?pNKY}0JS)^Odw#;=|cTUz`%{)0>%tn11|lMOaMQWo?KOURPZ9w
-z69S<J0Zg>?|M>=i!$5!lE!;5%1$L!@f+eA>5>rmGyl-<5gfLWQhjpo01c7G3<b^%=
-zBYD<TW>*uvx%W?sgue{9RT|s4#R>C6J%Edk<=-uq-d@r!ROUg)X-ILGkK7})ZpGl#
-z6-*+<Hbsj=r+2_#ua4jp=By#tumvdXyolfme*jrAEp$s?RNYoV8qxl7f9t-EWZ{S9
-z=f@t~uOu}`h@DMGJrDfsR}>R=UWkb{1Uk*#E0!_e;YnW&+pQ^eq4sI$Ww|Hv(}0#a
-zKlQ^+B%Z=t5EUDbniPw$^O<*tICAC6KObyy_!1pUMJP=_w3MQ_L}_KLa~I$j`nTT}
-zHKwJ_EiYl2+#BDc^{A=46L)q=)y5g6&!p^&Vq?l?HW_g0&*yWG8)~BcGLmG2_zkpD
-zuJoXL67oBKU=FvPnif~prLZ59aGj)q&F+Tb8c-j#f&RP0OKAu!zYnC!R&k()qJN1D
-zH)n{YHF**!la_j>+`ZaK*3+)|hY9ao;2E{SU;60toCXNT@qDh`ml?gc_3=eV{?51F
-z=U0+nWJ9&68P5wsaB~Oh{Ml7-lZyT?nz7-@3_Pa$cFyfOH{<n{{Kr6lNlu^X4V9#z
-zeZsyJ$mA!fIzI-2%mu;@ln9+?LIzVBhbIvV!e_HB9v*afptluaPS-g``wCfnHscoy
-zkx>VqUHj`A%$91}J$gqD1T>EH^|xG)1&ISL#*ZFlj`&Q|`X@`eO}%)v57KM?!MyKQ
-zXc{9i<$mE}VxakYPTQpB%tY3<g@LhUzJ~0@;Y&uXzm_ta91K}smV1)lnR^B1)XjQY
-z%B>V*Dl{DW5lfc_V}%EtVn1p7nY~{N*8NuoyQ_$)ws86do%hBVb(F1bVEvsA9>F&O
-zRQs=KLrclFky%8f;cM0HkAnqrG!8bmFh0|w6SSh^JAOInR!2Krmr4GHh^F&q&BF29
-z*|ec<lyXR{XuwgN+?-5L@S2reoF-zZwB>kw27|l!`5RThgUd3i2XeIHB||T+HmQF1
-zPDP#z=8kjer&j+4rM{T~`6CS-p+%{%^hoip*Obdm#BNa17XnqR4f#}AZEEru&#GzO
-zS(|OatP(Y7WaOUxEG~h6fN5pGvEXc-|1Te>L%`F|$k|~yrON}$Q~GV(GItZZR5rtq
-zx@@Va4Xu+B1WTkJN6(5zi^HOIP318BM~CGBg<Kr@uix6{KA0bF_%_KVe`7;d`>DH4
-zLaK$Ks@QD9D<Dvft=B8LGRMWRiObq*dEi{DtT9_cSK~o@BD1KPTWDH*JlS4t2wJ`7
-z{(&JwRc%TDN8fug+g8cy-J(xn>>chzYe`t>NjjE`cuObjo}66SL50g8p9$Sm^^tns
-z;0_RAQNMZd4}f48C;@i&)b>3cPg=(RvWbZS3^@&DPfg_i15SP5i)Nv}TDSi%aONt8
-z`B0c7FBPnYhe9LB8cKkUDN;BJQl}W&QaCv2Pc-)0f6CFEbAOdK&Ob3`Zm!y`U3A_z
-zODU+hSBxYWL41$n&+28lD!q0TwRAFBNsli%CnzuIPE_J$DjM&>bE7k^auH?~miFK)
-zIqaBwg7QmEwp)ZSN6kj5jefLN-FgZBcH76~>AGKHJauJBXEOUCn_uh{(n3he>JRLQ
-zR|B-g%xs4l(>}LpgECD!Tqrr!Vx|{2qiD6Sg)V5%4}U+mVekZjH08N`i}}Fy*3^0#
-zKz&<(b0knfLr)75aA8X|3pbq_oeCq8e7yiN*S+Qd)>ig&jMwh9R+b7e+Im__SSes+
-zMDA};&vN=jlrY*Ehga$F@lBOSQ_Yyhk>Pz>=S5R8vmJc<CA0m#ZCq}X<{wCy>)scR
-z=#Y@?kRW+Jndd2|Tkld<!w5X$NwO<(iWIDhl=|9_XHS&vqSUMt$7H#SNff*V3(s4`
-zVH{4fe=-iE0~|^sXXIhiEgZEuxydW&zm0!XOjMbPf)>K}))zdux@RmaSl_TDG0?o5
-zMMh%2I<kr147h|fX<qC5aUolnT%&cexJRim#E+6DQyhYIqz|##CF#D9;~m7VS$znN
-z<HMbZDfYG}kNTJihbpfE?58)P9PZSfHLHTu%qn^qjzz4y&`+RIQZ6FsU9LeNn-O8n
-z=G!R2(V4NqpR01K-krDY<o9+Un=~Mfj(a&*I^L9s<7Mk%uesfL)$$Bw4E8CO{4weK
-zdU8wZjeg-{0!i1Ig6@-7&y41AdDvS+TV!ddKF-nJbRy0U@-23P8WkFRiL1iCp-;gH
-zwLI1D3f){00+e#vEP3T!&`y(oKqZTbL8W-Ktzx6tuotO`f0B+2FTSkJm_8ph#;3_f
-z`JOv@t|eB}J=~W8-nut|`(=w4(8Gw;ZAjO0(er1#p>T4G9~=#_+fE&WM@d6`gnk`K
-z4ZAPu-T)R`7#!}|D~Z^i8YP*nzuQ&$t^)ex^SI)5bkOl@$Ch5et(hmU_H$6{=rd(=
-zH*9Taf@8>5lz@C<vBF|?UbMzupHZ&SLaWCQUAnL^b27O_&Pps)!cQMi*&ZNjBlcpW
-zgR6ss1eJR}`=O;)x+3=WZ{{TUvKv%B?5^3fJE~f4yjE$kZ%H;QkFNsLlodR#GWc14
-z(nhYl&9QV=RM@CG_eF+yCsG|k&gX0<wF_wZa1XM&z;ye{s5pfGCpDMrDiiXAf;%6S
-z2kP63Co8YJF<=L}CGry2HZG?kyp<fjffUX^e!`DTAyt>c`<to~W|NhWDKH0l(<0=d
-zL%Xt{J4%ZVI@VjNNnAva%oq+6b*hDC>s0rbN|)&x9;{@sX6g>J>@7D0-tggLsaChE
-zzWcuCVOajxbVG+ly{x;j!jR)mBkL?no4>)=YitX8aX)SOTr(yPVoxrI*RR#up7#Q5
-z!0saXlgee#J^Ms>kaU^#^Pe+9Tw>CWyg)zG{L3(N9jlQ$s~q?b%j!`e#kFy^z8iAp
-zQ|IfPf8O6EM%?ua$)DxW{I#W1QaAd&_M^8%JCiVwCzS=o!;k(}D<id9nn>aOl#W09
-zSk4>aZ7zFHy<|Igb>#!~?A4PQWj>6QxLJ@Kj1CZPTN_dw)mu~-BUvZrsoc9C#w#ld
-zT>K4KIHxQZl%o^f%#yHe<p!g0raxv<sQimJSsaLb0z@VQ2ER{XEPxt-_#>Hs^H6%z
-z8T%F9D?MlaAu9x|^*?Qn@wCnT>2{|Isuci|f7PzcNM|bXivb;<kdU{TM6<B{aTb+1
-z>s8AAv{)-jC$Rb~R?lGFsEHIm`3Psh-q4iM{;+CGg!1m8_f06hv5BRSmBm$E2pIft
-D?Q7k<
-
-literal 0
-HcmV?d00001
-
diff --git a/0125-PBMAC1-PKCS12-FIPS-default.patch b/0125-PBMAC1-PKCS12-FIPS-default.patch
deleted file mode 100644
index f7257ea..0000000
--- a/0125-PBMAC1-PKCS12-FIPS-default.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-diff -up openssl-3.2.2/apps/pkcs12.c.xxx openssl-3.2.2/apps/pkcs12.c
---- openssl-3.2.2/apps/pkcs12.c.xxx 2024-08-14 11:24:41.164589397 +0200
-+++ openssl-3.2.2/apps/pkcs12.c 2024-08-14 11:28:21.071004221 +0200
-@@ -17,6 +17,7 @@
- #include <openssl/asn1.h>
- #include <openssl/crypto.h>
- #include <openssl/err.h>
-+#include <openssl/evp.h>
- #include <openssl/pem.h>
- #include <openssl/pkcs12.h>
- #include <openssl/provider.h>
-@@ -708,6 +709,9 @@ int pkcs12_main(int argc, char **argv)
- }
-
- if (maciter != -1) {
-+ if (EVP_default_properties_is_fips_enabled(NULL))
-+ pbmac1_pbkdf2 = 1;
-+
- if (pbmac1_pbkdf2 == 1) {
- if (!PKCS12_set_pbmac1_pbkdf2(p12, mpass, -1, NULL,
- macsaltlen, maciter,
diff --git a/0126-pkeyutl-encap.patch b/0126-pkeyutl-encap.patch
deleted file mode 100644
index d1efe8a..0000000
--- a/0126-pkeyutl-encap.patch
+++ /dev/null
@@ -1,431 +0,0 @@
-From 77a0eabe15b9c8c0fb5fde27f6ce1c593c278e20 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <beldmit@gmail.com>
-Date: Wed, 7 Aug 2024 17:17:18 +0200
-Subject: [PATCH 1/3] Support of en/decapsulation in the pkeyutl command
-
----
- apps/pkeyutl.c | 83 +++++++++++++++++++++++++++++++++++++++++---------
- 1 file changed, 69 insertions(+), 14 deletions(-)
-
-diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
-index b5390c64c2a81..a14ad88217823 100644
---- a/apps/pkeyutl.c
-+++ b/apps/pkeyutl.c
-@@ -24,7 +24,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
- const char *keyfile, int keyform, int key_type,
- char *passinarg, int pkey_op, ENGINE *e,
- const int impl, int rawin, EVP_PKEY **ppkey,
-- EVP_MD_CTX *mctx, const char *digestname,
-+ EVP_MD_CTX *mctx, const char *digestname, const char *kemop,
- OSSL_LIB_CTX *libctx, const char *propq);
-
- static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
-@@ -32,7 +32,8 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
-
- static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
- unsigned char *out, size_t *poutlen,
-- const unsigned char *in, size_t inlen);
-+ const unsigned char *in, size_t inlen,
-+ unsigned char *secret, size_t *psecretlen);
-
- static int do_raw_keyop(int pkey_op, EVP_MD_CTX *mctx,
- EVP_PKEY *pkey, BIO *in,
-@@ -47,6 +48,7 @@ typedef enum OPTION_choice {
- OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,
- OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_PKEYOPT_PASSIN, OPT_KDF,
- OPT_KDFLEN, OPT_R_ENUM, OPT_PROV_ENUM,
-+ OPT_DECAP, OPT_ENCAP, OPT_SECOUT, OPT_KEMOP,
- OPT_CONFIG,
- OPT_RAWIN, OPT_DIGEST
- } OPTION_CHOICE;
-@@ -64,6 +66,8 @@ const OPTIONS pkeyutl_options[] = {
- {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},
- {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},
- {"derive", OPT_DERIVE, '-', "Derive shared secret"},
-+ {"decap", OPT_DECAP, '-', "Decapsulate shared secret"},
-+ {"encap", OPT_ENCAP, '-', "Encapsulate shared secret"},
- OPT_CONFIG_OPTION,
-
- OPT_SECTION("Input"),
-@@ -81,13 +85,14 @@ const OPTIONS pkeyutl_options[] = {
-
- OPT_SECTION("Output"),
- {"out", OPT_OUT, '>', "Output file - default stdout"},
-+ {"secret", OPT_SECOUT, '>', "File to store secret on encapsulation"},
- {"asn1parse", OPT_ASN1PARSE, '-',
- "parse the output as ASN.1 data to check its DER encoding and print errors"},
- {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
- {"verifyrecover", OPT_VERIFYRECOVER, '-',
- "Verify RSA signature, recovering original signature input data"},
-
-- OPT_SECTION("Signing/Derivation"),
-+ OPT_SECTION("Signing/Derivation/Encapsulation"),
- {"digest", OPT_DIGEST, 's',
- "Specify the digest algorithm when signing the raw input data"},
- {"pkeyopt", OPT_PKEYOPT, 's', "Public key options as opt:value"},
-@@ -94,6 +99,7 @@ const OPTIONS pkeyutl_options[] = {
- "Public key option that is read as a passphrase argument opt:passphrase"},
- {"kdf", OPT_KDF, 's', "Use KDF algorithm"},
- {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},
-+ {"kemop", OPT_KEMOP, 's', "KEM operation specific to the key algorithm"},
-
- OPT_R_OPTIONS,
- OPT_PROV_OPTIONS,
-@@ -103,23 +109,23 @@ const OPTIONS pkeyutl_options[] = {
- int pkeyutl_main(int argc, char **argv)
- {
- CONF *conf = NULL;
-- BIO *in = NULL, *out = NULL;
-+ BIO *in = NULL, *out = NULL, *secout = NULL;
- ENGINE *e = NULL;
- EVP_PKEY_CTX *ctx = NULL;
- EVP_PKEY *pkey = NULL;
-- char *infile = NULL, *outfile = NULL, *sigfile = NULL, *passinarg = NULL;
-+ char *infile = NULL, *outfile = NULL, *secoutfile = NULL, *sigfile = NULL, *passinarg = NULL;
- char hexdump = 0, asn1parse = 0, rev = 0, *prog;
-- unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL;
-+ unsigned char *buf_in = NULL, *buf_out = NULL, *sig = NULL, *secret = NULL;
- OPTION_CHOICE o;
- int buf_inlen = 0, siglen = -1;
- int keyform = FORMAT_UNDEF, peerform = FORMAT_UNDEF;
- int keysize = -1, pkey_op = EVP_PKEY_OP_SIGN, key_type = KEY_PRIVKEY;
- int engine_impl = 0;
- int ret = 1, rv = -1;
-- size_t buf_outlen;
-+ size_t buf_outlen = 0, secretlen = 0;
- const char *inkey = NULL;
- const char *peerkey = NULL;
-- const char *kdfalg = NULL, *digestname = NULL;
-+ const char *kdfalg = NULL, *digestname = NULL, *kemop = NULL;
- int kdflen = 0;
- STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;
- STACK_OF(OPENSSL_STRING) *pkeyopts_passin = NULL;
-@@ -147,6 +153,9 @@ int pkeyutl_main(int argc, char **argv)
- case OPT_OUT:
- outfile = opt_arg();
- break;
-+ case OPT_SECOUT:
-+ secoutfile = opt_arg();
-+ break;
- case OPT_SIGFILE:
- sigfile = opt_arg();
- break;
-@@ -216,6 +225,15 @@ int pkeyutl_main(int argc, char **argv)
- case OPT_DERIVE:
- pkey_op = EVP_PKEY_OP_DERIVE;
- break;
-+ case OPT_DECAP:
-+ pkey_op = EVP_PKEY_OP_DECAPSULATE;
-+ break;
-+ case OPT_ENCAP:
-+ pkey_op = EVP_PKEY_OP_ENCAPSULATE;
-+ break;
-+ case OPT_KEMOP:
-+ kemop = opt_arg();
-+ break;
- case OPT_KDF:
- pkey_op = EVP_PKEY_OP_DERIVE;
- key_type = KEY_NONE;
-@@ -303,7 +321,7 @@ int pkeyutl_main(int argc, char **argv)
- }
- ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,
- passinarg, pkey_op, e, engine_impl, rawin, &pkey,
-- mctx, digestname, libctx, app_get0_propq());
-+ mctx, digestname, kemop, libctx, app_get0_propq());
- if (ctx == NULL) {
- BIO_printf(bio_err, "%s: Error initializing context\n", prog);
- goto end;
-@@ -387,7 +405,7 @@ int pkeyutl_main(int argc, char **argv)
- goto end;
- }
-
-- if (pkey_op != EVP_PKEY_OP_DERIVE) {
-+ if (pkey_op != EVP_PKEY_OP_DERIVE && pkey_op != EVP_PKEY_OP_ENCAPSULATE) {
- in = bio_open_default(infile, 'r', FORMAT_BINARY);
- if (infile != NULL) {
- struct stat st;
-@@ -402,6 +420,16 @@ int pkeyutl_main(int argc, char **argv)
- if (out == NULL)
- goto end;
-
-+ if (pkey_op == EVP_PKEY_OP_ENCAPSULATE) {
-+ if (secoutfile == NULL) {
-+ BIO_printf(bio_err, "Encapsulation requires '-secret' argument\n");
-+ goto end;
-+ }
-+ secout = bio_open_default(secoutfile, 'w', FORMAT_BINARY);
-+ if (secout == NULL)
-+ goto end;
-+ }
-+
- if (sigfile != NULL) {
- BIO *sigbio = BIO_new_file(sigfile, "rb");
-
-@@ -473,13 +501,15 @@ int pkeyutl_main(int argc, char **argv)
- rv = 1;
- } else {
- rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,
-- buf_in, (size_t)buf_inlen);
-+ buf_in, (size_t)buf_inlen, NULL, (size_t *)&secretlen);
- }
- if (rv > 0 && buf_outlen != 0) {
- buf_out = app_malloc(buf_outlen, "buffer output");
-+ if (secretlen > 0)
-+ secret = app_malloc(secretlen, "secret output");
- rv = do_keyop(ctx, pkey_op,
- buf_out, (size_t *)&buf_outlen,
-- buf_in, (size_t)buf_inlen);
-+ buf_in, (size_t)buf_inlen, secret, (size_t *)&secretlen);
- }
- }
- if (rv <= 0) {
-@@ -500,6 +530,8 @@ int pkeyutl_main(int argc, char **argv)
- } else {
- BIO_write(out, buf_out, buf_outlen);
- }
-+ if (secretlen > 0)
-+ BIO_write(secout, secret, secretlen);
-
- end:
- if (ret != 0)
-@@ -510,9 +542,11 @@ int pkeyutl_main(int argc, char **argv)
- release_engine(e);
- BIO_free(in);
- BIO_free_all(out);
-+ BIO_free_all(secout);
- OPENSSL_free(buf_in);
- OPENSSL_free(buf_out);
- OPENSSL_free(sig);
-+ OPENSSL_free(secret);
- sk_OPENSSL_STRING_free(pkeyopts);
- sk_OPENSSL_STRING_free(pkeyopts_passin);
- NCONF_free(conf);
-@@ -524,7 +558,7 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
- char *passinarg, int pkey_op, ENGINE *e,
- const int engine_impl, int rawin,
- EVP_PKEY **ppkey, EVP_MD_CTX *mctx, const char *digestname,
-- OSSL_LIB_CTX *libctx, const char *propq)
-+ const char *kemop, OSSL_LIB_CTX *libctx, const char *propq)
- {
- EVP_PKEY *pkey = NULL;
- EVP_PKEY_CTX *ctx = NULL;
-@@ -642,6 +676,18 @@ static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,
- case EVP_PKEY_OP_DERIVE:
- rv = EVP_PKEY_derive_init(ctx);
- break;
-+
-+ case EVP_PKEY_OP_ENCAPSULATE:
-+ rv = EVP_PKEY_encapsulate_init(ctx, NULL);
-+ if (rv > 0 && kemop != NULL)
-+ rv = EVP_PKEY_CTX_set_kem_op(ctx, kemop);
-+ break;
-+
-+ case EVP_PKEY_OP_DECAPSULATE:
-+ rv = EVP_PKEY_decapsulate_init(ctx, NULL);
-+ if (rv > 0 && kemop != NULL)
-+ rv = EVP_PKEY_CTX_set_kem_op(ctx, kemop);
-+ break;
- }
- }
-
-@@ -679,7 +725,8 @@ static int setup_peer(EVP_PKEY_CTX *ctx, int peerform, const char *file,
-
- static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
- unsigned char *out, size_t *poutlen,
-- const unsigned char *in, size_t inlen)
-+ const unsigned char *in, size_t inlen,
-+ unsigned char *secret, size_t *pseclen)
- {
- int rv = 0;
- switch (pkey_op) {
-@@ -703,6 +750,14 @@ static int do_keyop(EVP_PKEY_CTX *ctx, int pkey_op,
- rv = EVP_PKEY_derive(ctx, out, poutlen);
- break;
-
-+ case EVP_PKEY_OP_ENCAPSULATE:
-+ rv = EVP_PKEY_encapsulate(ctx, out, poutlen, secret, pseclen);
-+ break;
-+
-+ case EVP_PKEY_OP_DECAPSULATE:
-+ rv = EVP_PKEY_decapsulate(ctx, out, poutlen, in, inlen);
-+ break;
-+
- }
- return rv;
- }
-
-From 1598da873df55887c2d878549f74b7aaed6d5fde Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <beldmit@gmail.com>
-Date: Wed, 7 Aug 2024 17:50:51 +0200
-Subject: [PATCH 2/3] Encap/decap in pkeyutl - documentation
-
----
- doc/man1/openssl-pkeyutl.pod.in | 33 +++++++++++++++++++++++++++++++++
- 1 file changed, 33 insertions(+)
-
-diff --git a/doc/man1/openssl-pkeyutl.pod.in b/doc/man1/openssl-pkeyutl.pod.in
-index 50c2030aa353c..9de50dd6cee8f 100644
---- a/doc/man1/openssl-pkeyutl.pod.in
-+++ b/doc/man1/openssl-pkeyutl.pod.in
-@@ -13,6 +13,7 @@ B<openssl> B<pkeyutl>
- [B<-rawin>]
- [B<-digest> I<algorithm>]
- [B<-out> I<file>]
-+[B<-secret> I<file>]
- [B<-sigfile> I<file>]
- [B<-inkey> I<filename>|I<uri>]
- [B<-keyform> B<DER>|B<PEM>|B<P12>|B<ENGINE>]
-@@ -28,8 +29,11 @@ B<openssl> B<pkeyutl>
- [B<-encrypt>]
- [B<-decrypt>]
- [B<-derive>]
-+[B<-encap>]
-+[B<-decap>]
- [B<-kdf> I<algorithm>]
- [B<-kdflen> I<length>]
-+[B<-kemop> I<operation>]
- [B<-pkeyopt> I<opt>:I<value>]
- [B<-pkeyopt_passin> I<opt>[:I<passarg>]]
- [B<-hexdump>]
-@@ -79,6 +83,10 @@ then the B<-rawin> option must be also specified.
- Specifies the output filename to write to or standard output by
- default.
-
-+=item B<-secret> I<filename>
-+
-+Specifies the output filename to write the secret to on I<-encap>.
-+
- =item B<-sigfile> I<file>
-
- Signature file, required and allowed for B<-verify> operations only
-@@ -147,6 +155,31 @@ Decrypt the input data using a private key.
-
- Derive a shared secret using the peer key.
-
-+=item B<-encap>
-+
-+Encapsulate a generated secret using a private key.
-+The encapsulated result (binary data) is written to standard output by default,
-+or else to the file specified with I<-out>.
-+The I<-secret> option must also be provided to specify the output file for the
-+secret value generated in the encapsulation process.
-+
-+=item B<-decap>
-+
-+Decapsulate the secret using a private key.
-+The result (binary data) is written to standard output by default, or else to
-+the file specified with I<-out>.
-+
-+=item B<-kemop> I<operation>
-+
-+This option is used for I<-encap>/I<-decap> commands and specifies the KEM
-+operation specific for the key algorithm when there is no default KEM
-+operation.
-+If the algorithm has the default KEM operation, this option can be omitted.
-+
-+See L<EVP_PKEY_CTX_set_kem_op(3)> and algorithm-specific KEM documentation e.g.
-+L<EVP_KEM-RSA(7)>, L<EVP_KEM-EC(7)>, L<EVP_KEM-X25519(7)>, and
-+L<EVP_KEM-X448(7)>.
-+
- =item B<-kdf> I<algorithm>
-
- Use key derivation function I<algorithm>. The supported algorithms are
-
-From 1fe7d5b3d96e2ce1e822a4e6e042959af55b0145 Mon Sep 17 00:00:00 2001
-From: Dmitry Belyavskiy <beldmit@gmail.com>
-Date: Thu, 8 Aug 2024 13:45:19 +0200
-Subject: [PATCH 3/3] Encap/decap in pkeyutl - tests
-
----
- test/decap_out.bin | 3 +++
- test/encap_out.bin | 4 ++++
- test/encap_secret.bin | 3 +++
- test/recipes/20-test_pkeyutl.t | 34 ++++++++++++++++++++++++++++++++--
- 4 files changed, 42 insertions(+), 2 deletions(-)
- create mode 100644 test/decap_out.bin
- create mode 100644 test/encap_out.bin
- create mode 100644 test/encap_secret.bin
-
-diff --git a/test/decap_out.bin b/test/decap_out.bin
-new file mode 100644
-index 0000000000000..b94441ed1c002
---- /dev/null
-+++ b/test/decap_out.bin
-@@ -0,0 +1,3 @@
-+6�W�\x06����n���;��^[����m� ĥ�B\x18[H^[���#�Ӈ(��h�]\f:\�\x14P��\x13x�e���b��)G�f��"��˭f� \b��J�\x03)���\x02��\v{�H\x03m�\P\fú�+�P%��/j\x15ϙ\x06%�؆�<_�~^[�
-+K�JEh����lEa�:�(�\x10�\a/\Ѯ�b��î�\x10�\v\x0e\x18�\x19\x11�-g,A\x14Y��4�
-+l�\x14�t�N�)~\�HU4\x01y\x1c\x16� \x13}qJ�\b�\f�t#\f��}.��T���?��ϊ��cD=�\aL�\x13�n\x16mv�{�\x16�ſԋȣ�
-\ No newline at end of file
-diff --git a/test/encap_out.bin b/test/encap_out.bin
-new file mode 100644
-index 0000000000000..024fc40550f15
---- /dev/null
-+++ b/test/encap_out.bin
-@@ -0,0 +1,4 @@
-+�\a:��y�Đ�\x055�\x11���[�2�<��?��qժ1�������>Y�M寬3P�
-+��O�2r�ي��Ad"\vG�m�2m��7x��h�7-\x7f�\a@:\x0e?N�\x1c�rSꋜK��\x05\x13��`�t�ɟ��xi�头' M\x12h\x1e��3\x02\x02r�\x1f��ڃ�^[Sd��O���HT�F\x0e��
-+��kZ\x12'x�F�K�x�q"\x1c���l@04E�����;c�iA}U��\x7f�\fP6�k\x7f\x020��\x0f�%D��L\x19\x16�.U��aO�(L�I��Q���A
-+�[�uԞ�4s$���%t�B
-\ No newline at end of file
-diff --git a/test/encap_secret.bin b/test/encap_secret.bin
-new file mode 100644
-index 0000000000000..b94441ed1c002
---- /dev/null
-+++ b/test/encap_secret.bin
-@@ -0,0 +1,3 @@
-+6�W�\x06����n���;��^[����m� ĥ�B\x18[H^[���#�Ӈ(��h�]\f:\�\x14P��\x13x�e���b��)G�f��"��˭f� \b��J�\x03)���\x02��\v{�H\x03m�\P\fú�+�P%��/j\x15ϙ\x06%�؆�<_�~^[�
-+K�JEh����lEa�:�(�\x10�\a/\Ѯ�b��î�\x10�\v\x0e\x18�\x19\x11�-g,A\x14Y��4�
-+l�\x14�t�N�)~\�HU4\x01y\x1c\x16� \x13}qJ�\b�\f�t#\f��}.��T���?��ϊ��cD=�\aL�\x13�n\x16mv�{�\x16�ſԋȣ�
-\ No newline at end of file
-diff --git a/test/recipes/20-test_pkeyutl.t b/test/recipes/20-test_pkeyutl.t
-index 76e4f0a869459..e9472a21352e2 100644
---- a/test/recipes/20-test_pkeyutl.t
-+++ b/test/recipes/20-test_pkeyutl.t
-@@ -13,11 +13,11 @@ use File::Spec;
- use File::Basename;
- use OpenSSL::Test qw/:DEFAULT srctop_file ok_nofips/;
- use OpenSSL::Test::Utils;
--use File::Compare qw/compare_text/;
-+use File::Compare qw/compare_text compare/;
-
- setup("test_pkeyutl");
-
--plan tests => 14;
-+plan tests => 19;
-
- # For the tests below we use the cert itself as the TBS file
-
-@@ -200,3 +200,33 @@ SKIP: {
- "-rawin");
- };
- }
-+
-+#Encap/decap tests
-+# openssl pkeyutl -encap -pubin -inkey rsa_pub.pem -secret secret.bin -out encap_out.bin
-+# openssl pkeyutl -decap -inkey rsa_priv.pem -in encap_out.bin -out decap_out.bin
-+# decap_out is equal to secret
-+SKIP: {
-+ skip "RSA is not supported by this OpenSSL build", 3
-+ if disabled("rsa");
-+
-+ # Self-compat
-+ ok(run(app(([ 'openssl', 'pkeyutl', '-encap', '-pubin', '-kemop', 'RSASVE',
-+ '-inkey', srctop_file('test', 'testrsa2048pub.pem'),
-+ '-out', 'encap_out.bin', '-secret', 'secret.bin']))),
-+ "RSA pubkey encapsulation");
-+ ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE',
-+ '-inkey', srctop_file('test', 'testrsa2048.pem'),
-+ '-in', 'encap_out.bin', '-out', 'decap_out.bin']))),
-+ "RSA pubkey decapsulation");
-+ is(compare("secret.bin", "decap_out.bin"), 0, "Secret is correctly decapsulated");
-+
-+ # Pregenerated
-+ ok(run(app(([ 'openssl', 'pkeyutl', '-decap', '-kemop', 'RSASVE',
-+ '-inkey', srctop_file('test', 'testrsa2048.pem'),
-+ '-in', srctop_file('test', 'encap_out.bin'), '-out', 'decap_out_etl.bin']))),
-+ "RSA pubkey decapsulation - pregenerated");
-+
-+ is(compare(srctop_file('test', 'encap_secret.bin'), "decap_out_etl.bin"), 0,
-+ "Secret is correctly decapsulated - pregenerated");
-+}
-+
diff --git a/0127-speedup-SSL_add_cert_subjects_to_stack.patch b/0127-speedup-SSL_add_cert_subjects_to_stack.patch
deleted file mode 100644
index a6bd503..0000000
--- a/0127-speedup-SSL_add_cert_subjects_to_stack.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-From e2e469593a15681983d16e36d856bf8fb7de8589 Mon Sep 17 00:00:00 2001
-From: Clemens Lang <cllang@redhat.com>
-Date: Wed, 31 Jul 2024 12:45:11 +0200
-Subject: [PATCH] Speed up SSL_add_{file,dir}_cert_subjects_to_stack
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The X509_NAME comparison function converts its arguments to DER using
-i2d_X509_NAME before comparing the results using memcmp(). For every
-invocation of the comparison function (of which there are many when
-loading many certificates), it allocates two buffers of the appropriate
-size for the DER encoding.
-
-Switching to static buffers (possibly of X509_NAME_MAX size as defined
-in crypto/x509/x_name.c) would not work with multithreaded use, e.g.,
-when two threads sort two separate STACK_OF(X509_NAME)s at the same
-time. A suitable re-usable buffer could have been added to the
-STACK_OF(X509_NAME) if sk_X509_NAME_compfunc did have a void* argument,
-or a pointer to the STACK_OF(X509_NAME) – but it does not.
-
-Instead, copy the solution chosen in SSL_load_client_CA_file() by
-filling an LHASH_OF(X509_NAME) with all existing names in the stack and
-using that to deduplicate, rather than relying on sk_X509_NAME_find(),
-which ends up being very slow.
-
-Adjust SSL_add_dir_cert_subjects_to_stack() to keep a local
-LHASH_OF(X509_NAME)s over the complete directory it is processing.
-
-In a small benchmark that calls SSL_add_dir_cert_subjects_to_stack()
-twice, once on a directory with one entry, and once with a directory
-with 1000 certificates, and repeats this in a loop 10 times, this change
-yields a speed-up of 5.32:
-
-| Benchmark 1: ./bench 10 dir-1 dir-1000
-| Time (mean ± σ): 6.685 s ± 0.017 s [User: 6.402 s, System: 0.231 s]
-| Range (min … max): 6.658 s … 6.711 s 10 runs
-|
-| Benchmark 2: LD_LIBRARY_PATH=. ./bench 10 dir-1 dir-1000
-| Time (mean ± σ): 1.256 s ± 0.013 s [User: 1.034 s, System: 0.212 s]
-| Range (min … max): 1.244 s … 1.286 s 10 runs
-|
-| Summary
-| LD_LIBRARY_PATH=. ./bench 10 dir-1 dir-1000 ran
-| 5.32 ± 0.06 times faster than ./bench 10 dir-1 dir-1000
-
-In the worst case scenario where many entries are added to a stack that
-is then repeatedly used to add more certificates, and with a larger test
-size, the speedup is still very significant. With 15000 certificates,
-a single pass to load them, followed by attempting to load a subset of
-1000 of these 15000 certificates, followed by a single certificate, the
-new approach is ~85 times faster:
-
-| Benchmark 1: ./bench 1 dir-15000 dir-1000 dir-1
-| Time (mean ± σ): 176.295 s ± 4.147 s [User: 174.593 s, System: 0.448 s]
-| Range (min … max): 173.774 s … 185.594 s 10 runs
-|
-| Benchmark 2: LD_LIBRARY_PATH=. ./bench 1 dir-15000 dir-1000 dir-1
-| Time (mean ± σ): 2.087 s ± 0.034 s [User: 1.679 s, System: 0.393 s]
-| Range (min … max): 2.057 s … 2.167 s 10 runs
-|
-| Summary
-| LD_LIBRARY_PATH=. ./bench 1 dir-15000 dir-1000 dir-1 ran
-| 84.48 ± 2.42 times faster than ./bench 1 dir-15000 dir-1000 dir-1
-
-Signed-off-by: Clemens Lang <cllang@redhat.com>
----
- ssl/ssl_cert.c | 74 ++++++++++++++++++++++++++++++++++++++++++++------
- 1 file changed, 65 insertions(+), 9 deletions(-)
-
-diff --git a/ssl/ssl_cert.c b/ssl/ssl_cert.c
-index 0ff407bf55edc..5e5ffe39d0655 100644
---- a/ssl/ssl_cert.c
-+++ b/ssl/ssl_cert.c
-@@ -813,16 +813,14 @@ STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file)
- return SSL_load_client_CA_file_ex(file, NULL, NULL);
- }
-
--int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-- const char *file)
-+static int add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-+ const char *file,
-+ LHASH_OF(X509_NAME) *name_hash)
- {
- BIO *in;
- X509 *x = NULL;
- X509_NAME *xn = NULL;
- int ret = 1;
-- int (*oldcmp) (const X509_NAME *const *a, const X509_NAME *const *b);
--
-- oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_sk_cmp);
-
- in = BIO_new(BIO_s_file());
-
-@@ -842,12 +840,15 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- xn = X509_NAME_dup(xn);
- if (xn == NULL)
- goto err;
-- if (sk_X509_NAME_find(stack, xn) >= 0) {
-+ if (lh_X509_NAME_retrieve(name_hash, xn) != NULL) {
- /* Duplicate. */
- X509_NAME_free(xn);
- } else if (!sk_X509_NAME_push(stack, xn)) {
- X509_NAME_free(xn);
- goto err;
-+ } else {
-+ /* Successful insert, add to hash table */
-+ lh_X509_NAME_insert(name_hash, xn);
- }
- }
-
-@@ -859,7 +860,42 @@ int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- done:
- BIO_free(in);
- X509_free(x);
-- (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
-+ return ret;
-+}
-+
-+int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-+ const char *file)
-+{
-+ X509_NAME *xn = NULL;
-+ int ret = 1;
-+ int idx = 0;
-+ int num = 0;
-+ LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
-+
-+ if (name_hash == NULL) {
-+ ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
-+ goto err;
-+ }
-+
-+ /*
-+ * Pre-populate the lhash with the existing entries of the stack, since
-+ * using the LHASH_OF is much faster for duplicate checking. That's because
-+ * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
-+ * for every single invocation of the comparison function.
-+ */
-+ num = sk_X509_NAME_num(stack);
-+ for (idx = 0; idx < num; idx++) {
-+ xn = sk_X509_NAME_value(stack, idx);
-+ lh_X509_NAME_insert(name_hash, xn);
-+ }
-+
-+ ret = add_file_cert_subjects_to_stack(stack, file, name_hash);
-+ goto done;
-+
-+ err:
-+ ret = 0;
-+ done:
-+ lh_X509_NAME_free(name_hash);
- return ret;
- }
-
-@@ -869,8 +905,27 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- OPENSSL_DIR_CTX *d = NULL;
- const char *filename;
- int ret = 0;
-+ X509_NAME *xn = NULL;
-+ int idx = 0;
-+ int num = 0;
-+ LHASH_OF(X509_NAME) *name_hash = lh_X509_NAME_new(xname_hash, xname_cmp);
-+
-+ if (name_hash == NULL) {
-+ ERR_raise(ERR_LIB_SSL, ERR_R_CRYPTO_LIB);
-+ goto err;
-+ }
-
-- /* Note that a side effect is that the CAs will be sorted by name */
-+ /*
-+ * Pre-populate the lhash with the existing entries of the stack, since
-+ * using the LHASH_OF is much faster for duplicate checking. That's because
-+ * xname_cmp converts the X509_NAMEs to DER involving a memory allocation
-+ * for every single invocation of the comparison function.
-+ */
-+ num = sk_X509_NAME_num(stack);
-+ for (idx = 0; idx < num; idx++) {
-+ xn = sk_X509_NAME_value(stack, idx);
-+ lh_X509_NAME_insert(name_hash, xn);
-+ }
-
- while ((filename = OPENSSL_DIR_read(&d, dir))) {
- char buf[1024];
-@@ -899,7 +954,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- #endif
- if (r <= 0 || r >= (int)sizeof(buf))
- goto err;
-- if (!SSL_add_file_cert_subjects_to_stack(stack, buf))
-+ if (!add_file_cert_subjects_to_stack(stack, buf, name_hash))
- goto err;
- }
-
-@@ -915,6 +970,7 @@ int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
- err:
- if (d)
- OPENSSL_DIR_end(&d);
-+ lh_X509_NAME_free(name_hash);
-
- return ret;
- }
diff --git a/0128-SAST-findings.patch b/0128-SAST-findings.patch
deleted file mode 100644
index 9ffc74b..0000000
--- a/0128-SAST-findings.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -up openssl-3.2.2/crypto/x509/pcy_tree.c.xxx openssl-3.2.2/crypto/x509/pcy_tree.c
---- openssl-3.2.2/crypto/x509/pcy_tree.c.xxx 2024-08-14 14:14:13.144850097 +0200
-+++ openssl-3.2.2/crypto/x509/pcy_tree.c 2024-08-14 14:14:53.213826481 +0200
-@@ -110,6 +110,8 @@ static int tree_init(X509_POLICY_TREE **ptree, STACK_OF(X509) *certs,
-
- *ptree = NULL;
-
-+ if (n < 0)
-+ return X509_PCY_TREE_INTERNAL;
- /* Can't do anything with just a trust anchor */
- if (n == 0)
- return X509_PCY_TREE_EMPTY;
diff --git a/0136-Add-ALPN-validation-in-the-client.patch b/0136-Add-ALPN-validation-in-the-client.patch
deleted file mode 100644
index 1406860..0000000
--- a/0136-Add-ALPN-validation-in-the-client.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From 195e15421df113d7283aab2ccff8b8fb06df5465 Mon Sep 17 00:00:00 2001
-From: Matt Caswell <matt@openssl.org>
-Date: Fri, 21 Jun 2024 11:51:54 +0100
-Subject: [PATCH 08/10] Add ALPN validation in the client
-
-The ALPN protocol selected by the server must be one that we originally
-advertised. We should verify that it is.
-
-Follow on from CVE-2024-5535
-
-Reviewed-by: Neil Horman <nhorman@openssl.org>
-Reviewed-by: Tomas Mraz <tomas@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/24717)
----
- ssl/statem/extensions_clnt.c | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/ssl/statem/extensions_clnt.c b/ssl/statem/extensions_clnt.c
-index 1ab3c13d57..ff9c009ee5 100644
---- a/ssl/statem/extensions_clnt.c
-+++ b/ssl/statem/extensions_clnt.c
-@@ -1590,6 +1590,8 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
- X509 *x, size_t chainidx)
- {
- size_t len;
-+ PACKET confpkt, protpkt;
-+ int valid = 0;
-
- /* We must have requested it. */
- if (!s->s3.alpn_sent) {
-@@ -1608,6 +1610,28 @@ int tls_parse_stoc_alpn(SSL_CONNECTION *s, PACKET *pkt, unsigned int context,
- SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
- return 0;
- }
-+
-+ /* It must be a protocol that we sent */
-+ if (!PACKET_buf_init(&confpkt, s->ext.alpn, s->ext.alpn_len)) {
-+ SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
-+ return 0;
-+ }
-+ while (PACKET_get_length_prefixed_1(&confpkt, &protpkt)) {
-+ if (PACKET_remaining(&protpkt) != len)
-+ continue;
-+ if (memcmp(PACKET_data(pkt), PACKET_data(&protpkt), len) == 0) {
-+ /* Valid protocol found */
-+ valid = 1;
-+ break;
-+ }
-+ }
-+
-+ if (!valid) {
-+ /* The protocol sent from the server does not match one we advertised */
-+ SSLfatal(s, SSL_AD_DECODE_ERROR, SSL_R_BAD_EXTENSION);
-+ return 0;
-+ }
-+
- OPENSSL_free(s->s3.alpn_selected);
- s->s3.alpn_selected = OPENSSL_malloc(len);
- if (s->s3.alpn_selected == NULL) {
---
-2.46.0
-
diff --git a/0139-CVE-2024-6119.patch b/0139-CVE-2024-6119.patch
deleted file mode 100644
index a39106a..0000000
--- a/0139-CVE-2024-6119.patch
+++ /dev/null
@@ -1,233 +0,0 @@
-diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c
-index 1a18174995..a09414c972 100644
---- a/crypto/x509/v3_utl.c
-+++ b/crypto/x509/v3_utl.c
-@@ -916,36 +916,64 @@ static int do_x509_check(X509 *x, const char *chk, size_t chklen,
- ASN1_STRING *cstr;
-
- gen = sk_GENERAL_NAME_value(gens, i);
-- if ((gen->type == GEN_OTHERNAME) && (check_type == GEN_EMAIL)) {
-- if (OBJ_obj2nid(gen->d.otherName->type_id) ==
-- NID_id_on_SmtpUTF8Mailbox) {
-- san_present = 1;
--
-- /*
-- * If it is not a UTF8String then that is unexpected and we
-- * treat it as no match
-- */
-- if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) {
-- cstr = gen->d.otherName->value->value.utf8string;
--
-- /* Positive on success, negative on error! */
-- if ((rv = do_check_string(cstr, 0, equal, flags,
-- chk, chklen, peername)) != 0)
-- break;
-- }
-- } else
-+ switch (gen->type) {
-+ default:
-+ continue;
-+ case GEN_OTHERNAME:
-+ switch (OBJ_obj2nid(gen->d.otherName->type_id)) {
-+ default:
- continue;
-- } else {
-- if ((gen->type != check_type) && (gen->type != GEN_OTHERNAME))
-+ case NID_id_on_SmtpUTF8Mailbox:
-+ /*-
-+ * https://datatracker.ietf.org/doc/html/rfc8398#section-3
-+ *
-+ * Due to name constraint compatibility reasons described
-+ * in Section 6, SmtpUTF8Mailbox subjectAltName MUST NOT
-+ * be used unless the local-part of the email address
-+ * contains non-ASCII characters. When the local-part is
-+ * ASCII, rfc822Name subjectAltName MUST be used instead
-+ * of SmtpUTF8Mailbox. This is compatible with legacy
-+ * software that supports only rfc822Name (and not
-+ * SmtpUTF8Mailbox). [...]
-+ *
-+ * SmtpUTF8Mailbox is encoded as UTF8String.
-+ *
-+ * If it is not a UTF8String then that is unexpected, and
-+ * we ignore the invalid SAN (neither set san_present nor
-+ * consider it a candidate for equality). This does mean
-+ * that the subject CN may be considered, as would be the
-+ * case when the malformed SmtpUtf8Mailbox SAN is instead
-+ * simply absent.
-+ *
-+ * When CN-ID matching is not desirable, applications can
-+ * choose to turn it off, doing so is at this time a best
-+ * practice.
-+ */
-+ if (check_type != GEN_EMAIL
-+ || gen->d.otherName->value->type != V_ASN1_UTF8STRING)
-+ continue;
-+ alt_type = 0;
-+ cstr = gen->d.otherName->value->value.utf8string;
-+ break;
-+ }
-+ break;
-+ case GEN_EMAIL:
-+ if (check_type != GEN_EMAIL)
- continue;
-- }
-- san_present = 1;
-- if (check_type == GEN_EMAIL)
- cstr = gen->d.rfc822Name;
-- else if (check_type == GEN_DNS)
-+ break;
-+ case GEN_DNS:
-+ if (check_type != GEN_DNS)
-+ continue;
- cstr = gen->d.dNSName;
-- else
-+ break;
-+ case GEN_IPADD:
-+ if (check_type != GEN_IPADD)
-+ continue;
- cstr = gen->d.iPAddress;
-+ break;
-+ }
-+ san_present = 1;
- /* Positive on success, negative on error! */
- if ((rv = do_check_string(cstr, alt_type, equal, flags,
- chk, chklen, peername)) != 0)
-diff --git a/test/recipes/25-test_eai_data.t b/test/recipes/25-test_eai_data.t
-index 522982ddfb..e18735d89a 100644
---- a/test/recipes/25-test_eai_data.t
-+++ b/test/recipes/25-test_eai_data.t
-@@ -21,16 +21,18 @@ setup("test_eai_data");
- #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/utf8_chain.pem test/recipes/25-test_eai_data/ascii_leaf.pem
- #./util/wrap.pl apps/openssl verify -nameopt utf8 -no_check_time -CAfile test/recipes/25-test_eai_data/ascii_chain.pem test/recipes/25-test_eai_data/utf8_leaf.pem
-
--plan tests => 12;
-+plan tests => 16;
-
- require_ok(srctop_file('test','recipes','tconversion.pl'));
- my $folder = "test/recipes/25-test_eai_data";
-
- my $ascii_pem = srctop_file($folder, "ascii_leaf.pem");
- my $utf8_pem = srctop_file($folder, "utf8_leaf.pem");
-+my $kdc_pem = srctop_file($folder, "kdc-cert.pem");
-
- my $ascii_chain_pem = srctop_file($folder, "ascii_chain.pem");
- my $utf8_chain_pem = srctop_file($folder, "utf8_chain.pem");
-+my $kdc_chain_pem = srctop_file($folder, "kdc-root-cert.pem");
-
- my $out;
- my $outcnt = 0;
-@@ -56,10 +58,18 @@ SKIP: {
-
- ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $ascii_pem])));
- ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $utf8_pem])));
-+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $kdc_chain_pem, $kdc_pem])));
-
- ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $ascii_chain_pem, $utf8_pem])));
- ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-CAfile", $utf8_chain_pem, $ascii_pem])));
-
-+# Check an otherName does not get misparsed as an DNS name, (should trigger ASAN errors if violated).
-+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_hostname", 'mx1.example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
-+# Check an otherName does not get misparsed as an email address, (should trigger ASAN errors if violated).
-+ok(run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'joe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
-+# We expect SmtpUTF8Mailbox to be a UTF8 String, not an IA5String.
-+ok(!run(app(["openssl", "verify", "-nameopt", "utf8", "-no_check_time", "-verify_email", 'moe@example.com', "-CAfile", $kdc_chain_pem, $kdc_pem])));
-+
- #Check that we get the expected failure return code
- with({ exit_checker => sub { return shift == 2; } },
- sub {
-diff --git a/test/recipes/25-test_eai_data/kdc-cert.pem b/test/recipes/25-test_eai_data/kdc-cert.pem
-new file mode 100644
-index 0000000000..e8a2c6f55d
---- /dev/null
-+++ b/test/recipes/25-test_eai_data/kdc-cert.pem
-@@ -0,0 +1,21 @@
-+-----BEGIN CERTIFICATE-----
-+MIIDbDCCAlSgAwIBAgIBAjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARSb290
-+MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAXMRUwEwYDVQQDDAxU
-+RVNULkVYQU1QTEUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6wfP+
-+6go79dkpo/dGLMlPZ7Gw/Q6gUYrCWZWUEgEeRVHCrqOlgUEyA+PcWas/XDPUxXry
-+BQlJHLvlqamAQn8gs4QPBARFYWKNiTVGyaRkgNA1N5gqyZdrP9UE+ZJmdqxRAAe8
-+vvpGZWSgevPhLUiSCFYDiD0Rtji2Hm3rGUrReQFBQDEw2pNGwz9zIaxUs08kQZcx
-+Yzyiplz5Oau+R/6sAgUwDlrD9xOlUxx/tA/MSDIfkK8qioU11uUZtO5VjkNQy/bT
-+7zQMmXxWgm2MIgOs1u4YN7YGOtgqHE9v9iPHHfgrkbQDtVDGQsa8AQEhkUDSCtW9
-+3VFAKx6dGNXYzFwfAgMBAAGjgcgwgcUwHQYDVR0OBBYEFFR5tZycW19DmtbL4Zqj
-+te1c2vZLMAkGA1UdIwQCMAAwCQYDVR0TBAIwADCBjQYDVR0RBIGFMIGCoD8GBisG
-+AQUCAqA1MDOgDhsMVEVTVC5FWEFNUExFoSEwH6ADAgEBoRgwFhsGa3JidGd0GwxU
-+RVNULkVYQU1QTEWgHQYIKwYBBQUHCAmgERYPbW9lQGV4YW1wbGUuY29tgQ9qb2VA
-+ZXhhbXBsZS5jb22CD214MS5leGFtcGxlLmNvbTANBgkqhkiG9w0BAQsFAAOCAQEA
-+T0xzVtVpRtaOzIhgzw7XQUdzWD5UEGSJJ1cBCOmKUWwDLTAouCYLFB4TbEE7MMUb
-+iuMy60bjmVtvfJIXorGUgSadRe5RWJ5DamJWvPA0Q9x7blnEcXqEF+9Td+ypevgU
-+UYHFmg83OYwxOsFXZ5cRuXMk3WCsDHQIBi6D1L6oDDZ2pfArs5mqm3thQKVlqyl1
-+El3XRYEdqAz/5eCOFNfwxF0ALxjxVr/Z50StUZU8I7Zfev6+kHhyrR7dqzYJImv9
-+0fTCOBEMjIETDsrA70OxAMu4V16nrWZdJdvzblS2qrt97Omkj+2kiPAJFB76RpwI
-+oDQ9fKfUOAmUFth2/R/eGA==
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/25-test_eai_data/kdc-root-cert.pem b/test/recipes/25-test_eai_data/kdc-root-cert.pem
-new file mode 100644
-index 0000000000..a74c96bf31
---- /dev/null
-+++ b/test/recipes/25-test_eai_data/kdc-root-cert.pem
-@@ -0,0 +1,16 @@
-+-----BEGIN CERTIFICATE-----
-+MIICnDCCAYQCCQCBswYcrlZSHjANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARS
-+b290MCAXDTI0MDYyMDA2MTQxNVoYDzIxMjQwNjIwMDYxNDE1WjAPMQ0wCwYDVQQD
-+DARSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRj8S4kBbIUj
-+61kZfi6nE35Q38U140+qt4uAiwAhKumfVHlBM0zQ98WFt5zMHIBQwIb3yjc2zj+0
-+qzUnQfwm1r/RfcMmBPEti9Ge+aEMSsds2gMXziOFM8wd2aAFPy7UVE0XpEWofsRK
-+MGi61MKVdPSbGIxBwY9VW38/7D/wf1HtJe7y0xpuecR7GB2XAs+qST59NjuF+7wS
-+dLM8Hb3TATgeYbXXWsRJgwz+SPzExg5WmLnU+7y4brZ32dHtdSmkRVSgSlaIf7Xj
-+3Tc6Zi7I+W/JYk7hy1zUexVdWCak4PHcoWrXe0gNNN/t8VfLfMExt5z/HIylXnU7
-+pGUyqZlTGQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAHpLF1UCRy7b6Hk0rLokxI
-+lgwiH9BU9mktigAGASvkbllpt+YbUbWnuYAvpHBGiP1qZtfX2r96UrSJaGO9BEzT
-+Gp9ThnSjoj4Srul0+s/NArU22irFLmDzbalgevAmm9gMGkdqkiIm/mXbwrPj0ncl
-+KGicevXryVpvaP62eZ8cc3C4p97frMmXxRX8sTdQpD/gRI7prdEILRSKveqT+AEW
-+7rFGM5AOevb4U8ddop8A3D/kX0wcCAIBF6jCNk3uEJ57jVcagL04kPnVfdRiedTS
-+vfq1DRNcD29d1H/9u0fHdSn1/+8Ep3X+afQ3C6//5NvOEaXcIGO4QSwkprQydfv8
-+-----END CERTIFICATE-----
-diff --git a/test/recipes/25-test_eai_data/kdc.sh b/test/recipes/25-test_eai_data/kdc.sh
-new file mode 100755
-index 0000000000..7a8dbc719f
---- /dev/null
-+++ b/test/recipes/25-test_eai_data/kdc.sh
-@@ -0,0 +1,41 @@
-+#! /usr/bin/env bash
-+
-+# Create a root CA, signing a leaf cert with a KDC principal otherName SAN, and
-+# also a non-UTF8 smtpUtf8Mailbox SAN followed by an rfc822Name SAN and a DNS
-+# name SAN. In the vulnerable EAI code, the KDC principal `otherName` should
-+# trigger ASAN errors in DNS name checks, while the non-UTF8 `smtpUtf8Mailbox`
-+# should likewise lead to ASAN issues with email name checks.
-+
-+rm -f root-key.pem root-cert.pem
-+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-root-key.pem \
-+ -x509 -subj /CN=Root -days 36524 -out kdc-root-cert.pem
-+
-+exts=$(
-+ printf "%s\n%s\n%s\n%s = " \
-+ "subjectKeyIdentifier = hash" \
-+ "authorityKeyIdentifier = keyid" \
-+ "basicConstraints = CA:false" \
-+ "subjectAltName"
-+ printf "%s, " "otherName:1.3.6.1.5.2.2;SEQUENCE:kdc_princ_name"
-+ printf "%s, " "otherName:1.3.6.1.5.5.7.8.9;IA5:moe@example.com"
-+ printf "%s, " "email:joe@example.com"
-+ printf "%s\n" "DNS:mx1.example.com"
-+ printf "[kdc_princ_name]\n"
-+ printf "realm = EXP:0, GeneralString:TEST.EXAMPLE\n"
-+ printf "principal_name = EXP:1, SEQUENCE:kdc_principal_seq\n"
-+ printf "[kdc_principal_seq]\n"
-+ printf "name_type = EXP:0, INTEGER:1\n"
-+ printf "name_string = EXP:1, SEQUENCE:kdc_principal_components\n"
-+ printf "[kdc_principal_components]\n"
-+ printf "princ1 = GeneralString:krbtgt\n"
-+ printf "princ2 = GeneralString:TEST.EXAMPLE\n"
-+ )
-+
-+printf "%s\n" "$exts"
-+
-+openssl req -nodes -new -newkey rsa:2048 -keyout kdc-key.pem \
-+ -subj "/CN=TEST.EXAMPLE" |
-+ openssl x509 -req -out kdc-cert.pem \
-+ -CA "kdc-root-cert.pem" -CAkey "kdc-root-key.pem" \
-+ -set_serial 2 -days 36524 \
-+ -extfile <(printf "%s\n" "$exts")
diff --git a/openssl.spec b/openssl.spec
index 0e65d64..657a844 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -28,10 +28,10 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
-Version: 3.2.4
-Release: 3%{?dist}
+Version: 3.5.0
+Release: 1%{?dist}
Epoch: 1
-Source: openssl-%{version}.tar.gz
+Source: openssl-%{version}-alpha1.tar.gz
Source2: Makefile.certificate
Source3: genpatches
Source4: openssl.rpmlintrc
@@ -39,130 +39,60 @@ Source6: make-dummy-cert
Source7: renew-dummy-cert
Source9: configuration-switch.h
Source10: configuration-prefix.h
-Source14: 0025-for-tests.patch
-# Patches exported from source git
-# Aarch64 and ppc64le use lib64
-Patch1: 0001-Aarch64-and-ppc64le-use-lib64.patch
-# Use more general default values in openssl.cnf
-Patch2: 0002-Use-more-general-default-values-in-openssl.cnf.patch
-# Do not install html docs
-Patch3: 0003-Do-not-install-html-docs.patch
-# Override default paths for the CA directory tree
-Patch4: 0004-Override-default-paths-for-the-CA-directory-tree.patch
-# apps/ca: fix md option help text
-Patch5: 0005-apps-ca-fix-md-option-help-text.patch
-# Disable signature verification with totally unsafe hash algorithms
-Patch6: 0006-Disable-signature-verification-with-totally-unsafe-h.patch
-# Add support for PROFILE=SYSTEM system default cipherlist
-Patch7: 0007-Add-support-for-PROFILE-SYSTEM-system-default-cipher.patch
-# Add FIPS_mode() compatibility macro
-Patch8: 0008-Add-FIPS_mode-compatibility-macro.patch
-# Add check to see if fips flag is enabled in kernel
-Patch9: 0009-Add-Kernel-FIPS-mode-flag-support.patch
-# Instead of replacing ectest.c and ec_curve.c, add the changes as a patch so
-# that new modifications made to these files by upstream are not lost.
-Patch10: 0010-Add-changes-to-ectest-and-eccurve.patch
-# remove unsupported EC curves
-Patch11: 0011-Remove-EC-curves.patch
-# Disable explicit EC curves
-# https://bugzilla.redhat.com/show_bug.cgi?id=2066412
-Patch12: 0012-Disable-explicit-ec.patch
-# Skipped tests from former 0011-Remove-EC-curves.patch
-Patch13: 0013-skipped-tests-EC-curves.patch
-# Instructions to load legacy provider in openssl.cnf
-Patch24: 0024-load-legacy-prov.patch
-# We load FIPS provider and set FIPS properties implicitly
-Patch32: 0032-Force-fips.patch
-# Embed HMAC into the fips.so
-# Modify fips self test as per
-# https://github.com/simo5/openssl/commit/9b95ef8bd2f5ac862e5eee74c724b535f1a8578a
-Patch33: 0033-FIPS-embed-hmac.patch
-# Comment out fipsinstall command-line utility
-Patch34: 0034.fipsinstall_disable.patch
-# Skip unavailable algorithms running `openssl speed`
-Patch35: 0035-speed-skip-unavailable-dgst.patch
-# Extra public/private key checks required by FIPS-140-3
-Patch44: 0044-FIPS-140-3-keychecks.patch
-# Minimize fips services
-Patch45: 0045-FIPS-services-minimize.patch
-# Execute KATS before HMAC verification
-Patch47: 0047-FIPS-early-KATS.patch
-# Selectively disallow SHA1 signatures rhbz#2070977
-Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
-# Originally from https://github.com/openssl/openssl/pull/18103
-# As we rebased to 3.0.7 and used the version of the function
-# not matching the upstream one, we have to use aliasing.
-# When we eliminate this patch, the `-Wl,--allow-multiple-definition`
-# should also be removed
-Patch56: 0056-strcasecmp.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2053289
-Patch58: 0058-FIPS-limit-rsa-encrypt.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2087147
-Patch61: 0061-Deny-SHA-1-signature-verification-in-FIPS-provider.patch
-# 0062-fips-Expose-a-FIPS-indicator.patch
-Patch62: 0062-fips-Expose-a-FIPS-indicator.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
-Patch73: 0073-FIPS-Use-OAEP-in-KATs-support-fixed-OAEP-seed.patch
-# 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
-Patch74: 0074-FIPS-Use-digest_sign-digest_verify-in-self-test.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2102535
-Patch75: 0075-FIPS-Use-FFDHE2048-in-self-test.patch
-# Downstream only. Reseed DRBG using getrandom(GRND_RANDOM)
-# https://bugzilla.redhat.com/show_bug.cgi?id=2102541
-Patch76: 0076-FIPS-140-3-DRBG.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2102542
-Patch77: 0077-FIPS-140-3-zeroization.patch
-# https://bugzilla.redhat.com/show_bug.cgi?id=2114772
-Patch78: 0078-KDF-Add-FIPS-indicators.patch
-# We believe that some changes present in CentOS are not necessary
-# because ustream has a check for FIPS version
-Patch80: 0080-rand-Forbid-truncated-hashes-SHA-3-in-FIPS-prov.patch
-# 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
-Patch81: 0081-signature-Remove-X9.31-padding-from-FIPS-prov.patch
-# 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
-Patch83: 0083-hmac-Add-explicit-FIPS-indicator-for-key-length.patch
-# 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
-Patch84: 0084-pbkdf2-Set-minimum-password-length-of-8-bytes.patch
-# 0085-FIPS-RSA-disable-shake.patch
-Patch85: 0085-FIPS-RSA-disable-shake.patch
-# 0088-signature-Add-indicator-for-PSS-salt-length.patch
-Patch88: 0088-signature-Add-indicator-for-PSS-salt-length.patch
-# 0091-FIPS-RSA-encapsulate.patch
-Patch91: 0091-FIPS-RSA-encapsulate.patch
-# 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
-Patch93: 0093-DH-Disable-FIPS-186-4-type-parameters-in-FIPS-mode.patch
-# 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
-Patch110: 0110-GCM-Implement-explicit-FIPS-indicator-for-IV-gen.patch
-# 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
-Patch112: 0112-pbdkf2-Set-indicator-if-pkcs5-param-disabled-checks.patch
-# 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
-Patch113: 0113-asymciphers-kem-Add-explicit-FIPS-indicator.patch
-# We believe that some changes present in CentOS are not necessary
-# because ustream has a check for FIPS version
-Patch114: 0114-FIPS-enforce-EMS-support.patch
-# Amend tests according to Fedora/RHEL code
-Patch115: 0115-skip-quic-pairwise.patch
-# Add version aliasing due to
-# https://github.com/openssl/openssl/issues/23534
-Patch116: 0116-version-aliasing.patch
-# https://github.com/openssl/openssl/issues/23050
-Patch117: 0117-ignore-unknown-sigalgorithms-groups.patch
-# https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
-Patch120: 0120-Allow-disabling-of-SHA1-signatures.patch
-# From CentOS 9
-Patch121: 0121-FIPS-cms-defaults.patch
-# [PATCH 50/50] Assign IANA numbers for hybrid PQ KEX Porting the fix
-# in https://github.com/openssl/openssl/pull/22803
-Patch122: 0122-Assign-IANA-numbers-for-hybrid-PQ-KEX.patch
-# https://github.com/openssl/openssl/issues/24577
-Patch124: 0124-PBMAC1-PKCS12-FIPS-support.patch
-# Downstream patch: enforce PBMAC1 in FIPS mode
-Patch125: 0125-PBMAC1-PKCS12-FIPS-default.patch
-# https://github.com/openssl/openssl/issues/25127
-Patch126: 0126-pkeyutl-encap.patch
-# https://github.com/openssl/openssl/issues/25056
-Patch127: 0127-speedup-SSL_add_cert_subjects_to_stack.patch
-Patch128: 0128-SAST-findings.patch
+#Source14: 0025-for-tests.patch
+
+Patch0001: 0001-RH-Aarch64-and-ppc64le-use-lib64.patch
+Patch0002: 0002-Add-a-separate-config-file-to-use-for-rpm-installs.patch
+Patch0003: 0003-RH-Do-not-install-html-docs.patch
+Patch0004: 0004-RH-Override-default-paths-for-the-CA-directory-tree.patch
+Patch0005: 0005-RH-Instructions-to-load-legacy-provider.patch
+Patch0006: 0006-RH-apps-ca-fix-md-option-help-text.patch-DROP.patch
+Patch0007: 0007-RH-Disable-signature-verification-with-bad-digests-R.patch
+Patch0008: 0008-RH-Add-support-for-PROFILE-SYSTEM-system-default-cip.patch
+Patch0009: 0009-RH-Add-FIPS_mode-compatibility-macro.patch
+Patch0010: 0010-RH-Add-Kernel-FIPS-mode-flag-support-FIXSTYLE.patch
+Patch0011: 0011-RH-Drop-weak-curve-definitions-RENAMED-SQUASHED.patch
+Patch0012: 0012-RH-Disable-explicit-ec-curves.patch
+Patch0013: 0013-RH-skipped-tests-EC-curves.patch
+Patch0014: 0014-RH-skip-quic-pairwise.patch
+Patch0015: 0015-RH-version-aliasing.patch
+Patch0016: 0016-RH-Export-two-symbols-for-OPENSSL_str-n-casecmp.patch
+Patch0017: 0017-RH-TMP-KTLS-test-skip.patch
+Patch0018: 0018-RH-Allow-disabling-of-SHA1-signatures.patch
+Patch0019: 0019-FIPS-Force-fips-provider-on.patch
+Patch0020: 0020-FIPS-Embed-hmac-in-fips.so-NOTE.patch
+Patch0021: 0021-FIPS-Add-script-to-hmac-ify-the-fips.so-provider.patch
+Patch0022: 0022-FIPS-disable-fipsinstall.patch
+Patch0023: 0023-FIPS-FIPS-140-3-key-checks-REVIEW.patch
+Patch0024: 0024-FIPS-Execute-KATS-before-HMAC-verification-REVIEW.patch
+Patch0025: 0025-FIPS-limit-rsa-encrypt-REVIEW.patch
+Patch0026: 0026-FIPS-Deny-SHA-1-signature-verification.patch
+Patch0027: 0027-NEEDS-REWORK-FIPS-Use-OAEP-in-KATs-support-fixed-OAE.patch
+Patch0028: 0028-FIPS-FIPS-140-3-DRBG-NEEDS-REVIEW.patch
+Patch0029: 0029-FIPS-rand-Forbid-truncated-hashes-SHA-3.patch
+Patch0030: 0030-FIPS-Remove-X9.31-padding-for-signatures.patch
+Patch0031: 0031-FIPS-Set-minimum-password-length-for-pbkdf2.patch
+Patch0032: 0032-FIPS-Disallow-SHAKE-in-RSA-OAEP-and-RSA-PSS.patch
+Patch0033: 0033-FIPS-RSA-encapsulate.patch
+Patch0034: 0034-FIPS-Disable-FIPS-186-4-DH-type-parameters.patch
+Patch0035: 0035-FIPS-Enforce-EMS-in-TLS-1.2-NOTE.patch
+Patch0036: 0036-FIPS-Set-default-padding-to-OAEP-in-CMS.patch
+Patch0037: 0037-FIPS-PBMAC1-PKCS12-defaults.patch
+Patch0038: 0038-FIPS-Fix-encoder-decoder-negative-test.patch
+Patch0039: 0039-FIPS-disable-weak-EC-curves.patch
+Patch0040: 0040-FIPS-NO-DSA-Support.patch
+Patch0041: 0041-FIPS-Red-Hat-s-FIPS-module-name-and-version.patch
+Patch0042: 0042-FIPS-NO-DES-support.patch
+Patch0043: 0043-FIPS-RSA-size-mode-restrictions.patch
+Patch0044: 0044-FIPS-NO-Kmac.patch
+Patch0045: 0045-FIPS-NO-ECX-Ed-X-25519-448.patch
+Patch0046: 0046-FIPS-NO-PQ-ML-SLH-DSA.patch
+Patch0047: 0047-Revert-FIPS-NO-ECX-Ed-X-25519-448.patch
+Patch0048: 0048-FIPS-Fix-some-tests-due-to-our-versioning-change.patch
+Patch0049: 0049-Current-Rebase-status.patch
+# #26964, #27012
+Patch0050: 0050-RCU-ppc64.patch
+
License: Apache-2.0
URL: http://www.openssl.org/
@@ -174,7 +104,7 @@ BuildRequires: /usr/bin/pod2man
BuildRequires: /usr/sbin/sysctl
BuildRequires: perl(Test::Harness), perl(Test::More), perl(Math::BigInt)
BuildRequires: perl(Module::Load::Conditional), perl(File::Temp)
-BuildRequires: perl(Time::HiRes), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA)
+BuildRequires: perl(Time::HiRes), perl(Time::Piece), perl(IPC::Cmd), perl(Pod::Html), perl(Digest::SHA)
BuildRequires: perl(FindBin), perl(lib), perl(File::Compare), perl(File::Copy), perl(bigint)
BuildRequires: git-core
BuildRequires: systemtap-sdt-devel
@@ -238,7 +168,7 @@ package provides Perl scripts for converting certificates and keys
from other formats to the formats used by the OpenSSL toolkit.
%prep
-%autosetup -S git -n %{name}-%{version}
+%autosetup -S git -n %{name}-%{version}-alpha1
%build
# Figure out which flags we want to use.
@@ -326,7 +256,8 @@ export HASHBANGPERL=/usr/bin/perl
zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
enable-cms enable-md2 enable-rc5 ${ktlsopt} enable-fips -D_GNU_SOURCE\
no-mdc2 no-ec2m no-sm2 no-sm4 no-atexit enable-buildtest-c++\
- shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\"" -DREDHAT_FIPS_VERSION="\"%{fips}\""'\
+ shared ${sslarch} $RPM_OPT_FLAGS '-DDEVRANDOM="\"/dev/urandom\""' -DOPENSSL_PEDANTIC_ZEROIZATION\
+ -DREDHAT_FIPS_VENDOR='"\"Red Hat Enterprise Linux OpenSSL FIPS Provider\""' -DREDHAT_FIPS_VERSION='"\"Rebase Testing\""'\
-Wl,--allow-multiple-definition
# Do not run this in a production package the FIPS symbols must be patched-in
@@ -350,9 +281,9 @@ done
mv -f configdata.pm.new configdata.pm)
# We must revert patch4 before tests otherwise they will fail
-patch -p1 -R < %{PATCH4}
+#patch -p1 -R < %{PATCH4}
#We must disable default provider before tests otherwise they will fail
-patch -p1 < %{SOURCE14}
+#patch -p1 < %{SOURCE14}
OPENSSL_ENABLE_MD5_VERIFY=
export OPENSSL_ENABLE_MD5_VERIFY
@@ -370,6 +301,7 @@ objcopy --update-section .rodata1=providers/fips.so.hmac providers/fips.so provi
mv providers/fips.so.mac providers/fips.so
#run tests itself
make test HARNESS_JOBS=8
+#make test
# Add generation of HMAC checksum of the final stripped library
# We manually copy standard definition of __spec_install_post
@@ -410,6 +342,7 @@ for lib in $RPM_BUILD_ROOT%{_libdir}/*.so.%{version} ; do
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`
ln -s -f `basename ${lib}` $RPM_BUILD_ROOT%{_libdir}/`basename ${lib} .%{version}`.%{soversion}
done
+mv rh-openssl.cnf $RPM_BUILD_ROOT%{_sysconfdir}/pki/tls/openssl.cnf
# Remove static libraries
for lib in $RPM_BUILD_ROOT%{_libdir}/*.a ; do
@@ -520,6 +453,9 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
%{_mandir}/man3/*
%exclude %{_mandir}/man3/ENGINE*
%{_libdir}/pkgconfig/*.pc
+%{_libdir}/cmake/OpenSSL/OpenSSLConfig.cmake
+%{_libdir}/cmake/OpenSSL/OpenSSLConfigVersion.cmake
+
%files devel-engine
%{_prefix}/include/openssl/engine*.h
@@ -540,6 +476,9 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
%ldconfig_scriptlets libs
%changelog
+* Wed Mar 21 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-1
+- Early rebasing to OpenSSL 3.5-alpha
+
* Thu Mar 13 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.4-3
- Proper providing of default cipher string file on compilation
Build with no-atexit similar to CentOS/RHEL
diff --git a/sources b/sources
index 39048e6..4728903 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openssl-3.2.4.tar.gz) = 24712cb722ed8daff51db9deec4db982256cccd1a537d3a8690a94a6fd41815fd85cab95e551212938f28a61ed658d285b07734f7b88d8a0b18a318602d424f2
+SHA512 (openssl-3.5.0-alpha1.tar.gz) = a133f5819a1c319d23ccf253e5b8d2ac67b2ad235d2b4892260288fc8e78053de8aa5815bb9a798668710e553e4d52694ceeb7dd367fa310544a6bb9a317bdf5
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:45 [rpms/openssl] rebase_40beta: Rebase to 3.5.0-alpha1 Dmitry Belyavskiy
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox